diff --git a/.gitea/workflows/build-ubuntu.yaml b/.gitea/workflows/build-ubuntu.yaml
index be89ea3..1633daa 100644
--- a/.gitea/workflows/build-ubuntu.yaml
+++ b/.gitea/workflows/build-ubuntu.yaml
@@ -32,7 +32,12 @@ jobs:
sudo apt install -y \
libpcre3-dev \
zlib1g-dev \
- libssl-dev
+ libssl-dev \
+ libxslt1-dev \
+ libgd-dev \
+ libgeoip-dev \
+ libxml2-dev \
+ uuid-dev
- name: 配置构建
run: |
@@ -41,10 +46,34 @@ jobs:
echo "目录内容:"
ls -la
- # 按照 README 步骤进行配置
- configure \
+ # 按照 README 步骤进行配置,使用 auto/configure 脚本
+ ./auto/configure \
--prefix=/usr/local/nginx \
- --with-http_ssl_module
+ --with-http_ssl_module \
+ --with-http_realip_module \
+ --with-http_addition_module \
+ --with-http_sub_module \
+ --with-http_dav_module \
+ --with-http_flv_module \
+ --with-http_mp4_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_random_index_module \
+ --with-http_secure_link_module \
+ --with-http_stub_status_module \
+ --with-http_auth_request_module \
+ --with-http_xslt_module=dynamic \
+ --with-http_image_filter_module=dynamic \
+ --with-http_geoip_module=dynamic \
+ --with-threads \
+ --with-stream \
+ --with-stream_ssl_module \
+ --with-stream_ssl_preread_module \
+ --with-stream_realip_module \
+ --with-stream_geoip_module=dynamic \
+ --with-http_slice_module \
+ --with-http_v2_module \
+ --with-file-aio
- name: 编译 NGINX
run: make
@@ -52,6 +81,14 @@ jobs:
- name: 安装 NGINX
run: sudo make install
+ - name: 验证安装
+ run: |
+ echo "检查 NGINX 二进制文件..."
+ ls -la /usr/local/nginx/sbin/nginx
+
+ echo "检查 NGINX 版本..."
+ /usr/local/nginx/sbin/nginx -V
+
- name: 测试 NGINX
run: |
echo "启动 NGINX..."
@@ -60,8 +97,11 @@ jobs:
echo "等待服务启动..."
sleep 2
+ echo "检查 NGINX 进程..."
+ ps aux | grep nginx
+
echo "测试 HTTP 连接..."
- curl localhost
+ curl -v localhost || echo "HTTP 测试失败,但继续执行"
echo "停止 NGINX..."
sudo /usr/local/nginx/sbin/nginx -s quit
@@ -79,16 +119,31 @@ jobs:
apt-get install -y --no-install-recommends \
libpcre3 \
zlib1g \
- libssl3 && \
+ libssl3 \
+ libxslt1.1 \
+ libgd3 \
+ libgeoip1 \
+ libxml2 && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# 复制编译好的 nginx
COPY /usr/local/nginx /usr/local/nginx
+ # 创建 nginx 用户
+ RUN useradd --system --home /var/cache/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx
+
+ # 创建必要的目录
+ RUN mkdir -p /var/log/nginx /var/cache/nginx && \
+ chown -R nginx:nginx /var/log/nginx /var/cache/nginx
+
# 暴露端口
EXPOSE 80 443
+ # 健康检查
+ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+ CMD curl -f http://localhost/ || exit 1
+
# 启动 nginx
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
EOF
@@ -107,4 +162,15 @@ jobs:
push: true
tags: |
${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:${{ github.sha }}
- ${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:latest
\ No newline at end of file
+ ${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:latest
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: 上传构建产物
+ uses: actions/upload-artifact@v4
+ with:
+ name: nginx-binary
+ path: |
+ /usr/local/nginx/sbin/nginx
+ /usr/local/nginx/conf/
+ retention-days: 7
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7e50886
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/Makefile
+/objs/
+/tmp/
diff --git a/CHANGES b/CHANGES
deleted file mode 100644
index 5eec15e..0000000
--- a/CHANGES
+++ /dev/null
@@ -1,9290 +0,0 @@
-
-Changes with nginx 1.28.0 23 Apr 2025
-
- *) 1.28.x stable branch.
-
- *) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
- ngx_http_v3_module modules were used.
-
- *) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
- optimization if ngx_http_v3_module was used.
-
-
-Changes with nginx 1.27.5 16 Apr 2025
-
- *) Feature: CUBIC congestion control in QUIC connections.
-
- *) Change: the maximum size limit for SSL sessions cached in shared
- memory has been raised to 8192.
-
- *) Bugfix: in the "grpc_ssl_password_file", "proxy_ssl_password_file",
- and "uwsgi_ssl_password_file" directives when loading SSL
- certificates and encrypted keys from variables; the bug had appeared
- in 1.23.1.
-
- *) Bugfix: in the $ssl_curve and $ssl_curves variables when using
- pluggable curves in OpenSSL.
-
- *) Bugfix: nginx could not be built with musl libc.
- Thanks to Piotr Sikora.
-
- *) Performance improvements and bugfixes in HTTP/3.
-
-
-Changes with nginx 1.27.4 05 Feb 2025
-
- *) Security: insufficient check in virtual servers handling with TLSv1.3
- SNI allowed to reuse SSL sessions in a different virtual server, to
- bypass client SSL certificates verification (CVE-2025-23419).
-
- *) Feature: the "ssl_object_cache_inheritable", "ssl_certificate_cache",
- "proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
- "uwsgi_ssl_certificate_cache" directives.
-
- *) Feature: the "keepalive_min_timeout" directive.
-
- *) Workaround: "gzip filter failed to use preallocated memory" alerts
- appeared in logs when using zlib-ng.
-
- *) Bugfix: nginx could not build libatomic library using the library
- sources if the --with-libatomic=DIR option was used.
-
- *) Bugfix: QUIC connection might not be established when using 0-RTT;
- the bug had appeared in 1.27.1.
-
- *) Bugfix: nginx now ignores QUIC version negotiation packets from
- clients.
-
- *) Bugfix: nginx could not be built on Solaris 10 and earlier with the
- ngx_http_v3_module.
-
- *) Bugfixes in HTTP/3.
-
-
-Changes with nginx 1.27.3 26 Nov 2024
-
- *) Feature: the "server" directive in the "upstream" block supports the
- "resolve" parameter.
-
- *) Feature: the "resolver" and "resolver_timeout" directives in the
- "upstream" block.
-
- *) Feature: SmarterMail specific mode support for IMAP LOGIN with
- untagged CAPABILITY response in the mail proxy module.
-
- *) Change: now TLSv1 and TLSv1.1 protocols are disabled by default.
-
- *) Change: an IPv6 address in square brackets and no port can be
- specified in the "proxy_bind", "fastcgi_bind", "grpc_bind",
- "memcached_bind", "scgi_bind", and "uwsgi_bind" directives, and as
- client address in ngx_http_realip_module.
-
- *) Bugfix: in the ngx_http_mp4_module.
- Thanks to Nils Bars.
-
- *) Bugfix: the "so_keepalive" parameter of the "listen" directive might
- be handled incorrectly on DragonFly BSD.
-
- *) Bugfix: in the "proxy_store" directive.
-
-
-Changes with nginx 1.27.2 02 Oct 2024
-
- *) Feature: SSL certificates, secret keys, and CRLs are now cached on
- start or during reconfiguration.
-
- *) Feature: client certificate validation with OCSP in the stream
- module.
-
- *) Feature: OCSP stapling support in the stream module.
-
- *) Feature: the "proxy_pass_trailers" directive in the
- ngx_http_proxy_module.
-
- *) Feature: the "ssl_client_certificate" directive now supports
- certificates with auxiliary information.
-
- *) Change: now the "ssl_client_certificate" directive is not required
- for client SSL certificates verification.
-
-
-Changes with nginx 1.27.1 14 Aug 2024
-
- *) Security: processing of a specially crafted mp4 file by the
- ngx_http_mp4_module might cause a worker process crash
- (CVE-2024-7347).
- Thanks to Nils Bars.
-
- *) Change: now the stream module handler is not mandatory.
-
- *) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old
- worker processes.
- Thanks to Kasei Wang.
-
- *) Bugfixes in HTTP/3.
-
-
-Changes with nginx 1.27.0 29 May 2024
-
- *) Security: when using HTTP/3, processing of a specially crafted QUIC
- session might cause a worker process crash, worker process memory
- disclosure on systems with MTU larger than 4096 bytes, or might have
- potential other impact (CVE-2024-32760, CVE-2024-31079,
- CVE-2024-35200, CVE-2024-34161).
- Thanks to Nils Bars of CISPA.
-
- *) Feature: variables support in the "proxy_limit_rate",
- "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
- directives.
-
- *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
- "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
-
- *) Bugfix: nginx could not be built by gcc 14 if the --with-libatomic
- option was used.
- Thanks to Edgar Bonet.
-
- *) Bugfixes in HTTP/3.
-
-
-Changes with nginx 1.25.5 16 Apr 2024
-
- *) Feature: virtual servers in the stream module.
-
- *) Feature: the ngx_stream_pass_module.
-
- *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
- the "listen" directive in the stream module.
-
- *) Feature: cache line size detection for some architectures.
- Thanks to Piotr Sikora.
-
- *) Feature: support for Homebrew on Apple Silicon.
- Thanks to Piotr Sikora.
-
- *) Bugfix: Windows cross-compilation bugfixes and improvements.
- Thanks to Piotr Sikora.
-
- *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
- Thanks to Vladimir Khomutov.
-
-
-Changes with nginx 1.25.4 14 Feb 2024
-
- *) Security: when using HTTP/3 a segmentation fault might occur in a
- worker process while processing a specially crafted QUIC session
- (CVE-2024-24989, CVE-2024-24990).
-
- *) Bugfix: connections with pending AIO operations might be closed
- prematurely during graceful shutdown of old worker processes.
-
- *) Bugfix: socket leak alerts no longer logged when fast shutdown was
- requested after graceful shutdown of old worker processes.
-
- *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
- fault in a worker process (for SSL proxying) might occur if AIO was
- used in a subrequest.
-
- *) Bugfix: a segmentation fault might occur in a worker process if SSL
- proxying was used along with the "image_filter" directive and errors
- with code 415 were redirected with the "error_page" directive.
-
- *) Bugfixes and improvements in HTTP/3.
-
-
-Changes with nginx 1.25.3 24 Oct 2023
-
- *) Change: improved detection of misbehaving clients when using HTTP/2.
-
- *) Feature: startup speedup when using a large number of locations.
- Thanks to Yusuke Nojima.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2 without SSL; the bug had appeared in 1.25.1.
-
- *) Bugfix: the "Status" backend response header line with an empty
- reason phrase was handled incorrectly.
-
- *) Bugfix: memory leak during reconfiguration when using the PCRE2
- library.
- Thanks to ZhenZhong Wu.
-
- *) Bugfixes and improvements in HTTP/3.
-
-
-Changes with nginx 1.25.2 15 Aug 2023
-
- *) Feature: path MTU discovery when using HTTP/3.
-
- *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
- HTTP/3.
-
- *) Change: now nginx uses appname "nginx" when loading OpenSSL
- configuration.
-
- *) Change: now nginx does not try to load OpenSSL configuration if the
- --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
- environment variable is not set.
-
- *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
-
- *) Bugfix: in HTTP/3.
-
-
-Changes with nginx 1.25.1 13 Jun 2023
-
- *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
- basis; the "http2" parameter of the "listen" directive is now
- deprecated.
-
- *) Change: HTTP/2 server push support has been removed.
-
- *) Change: the deprecated "ssl" directive is not supported anymore.
-
- *) Bugfix: in HTTP/3 when using OpenSSL.
-
-
-Changes with nginx 1.25.0 23 May 2023
-
- *) Feature: experimental HTTP/3 support.
-
-
-Changes with nginx 1.23.4 28 Mar 2023
-
- *) Change: now TLSv1.3 protocol is enabled by default.
-
- *) Change: now nginx issues a warning if protocol parameters of a
- listening socket are redefined.
-
- *) Change: now nginx closes connections with lingering if pipelining was
- used by the client.
-
- *) Feature: byte ranges support in the ngx_http_gzip_static_module.
-
- *) Bugfix: port ranges in the "listen" directive did not work; the bug
- had appeared in 1.23.3.
- Thanks to Valentin Bartenev.
-
- *) Bugfix: incorrect location might be chosen to process a request if a
- prefix location longer than 255 characters was used in the
- configuration.
-
- *) Bugfix: non-ASCII characters in file names on Windows were not
- supported by the ngx_http_autoindex_module, the ngx_http_dav_module,
- and the "include" directive.
-
- *) Change: the logging level of the "data length too long", "length too
- short", "bad legacy version", "no shared signature algorithms", "bad
- digest length", "missing sigalgs extension", "encrypted length too
- long", "bad length", "bad key update", "mixed handshake and non
- handshake data", "ccs received early", "data between ccs and
- finished", "packet length too long", "too many warn alerts", "record
- too small", and "got a fin before a ccs" SSL errors has been lowered
- from "crit" to "info".
-
- *) Bugfix: a socket leak might occur when using HTTP/2 and the
- "error_page" directive to redirect errors with code 400.
-
- *) Bugfix: messages about logging to syslog errors did not contain
- information that the errors happened while logging to syslog.
- Thanks to Safar Safarly.
-
- *) Workaround: "gzip filter failed to use preallocated memory" alerts
- appeared in logs when using zlib-ng.
-
- *) Bugfix: in the mail proxy server.
-
-
-Changes with nginx 1.23.3 13 Dec 2022
-
- *) Bugfix: an error might occur when reading PROXY protocol version 2
- header with large number of TLVs.
-
- *) Bugfix: a segmentation fault might occur in a worker process if SSI
- was used to process subrequests created by other modules.
- Thanks to Ciel Zhao.
-
- *) Workaround: when a hostname used in the "listen" directive resolves
- to multiple addresses, nginx now ignores duplicates within these
- addresses.
-
- *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL
- connections to backends were used.
-
-
-Changes with nginx 1.23.2 19 Oct 2022
-
- *) Security: processing of a specially crafted mp4 file by the
- ngx_http_mp4_module might cause a worker process crash, worker
- process memory disclosure, or might have potential other impact
- (CVE-2022-41741, CVE-2022-41742).
-
- *) Feature: the "$proxy_protocol_tlv_..." variables.
-
- *) Feature: TLS session tickets encryption keys are now automatically
- rotated when using shared memory in the "ssl_session_cache"
- directive.
-
- *) Change: the logging level of the "bad record type" SSL errors has
- been lowered from "crit" to "info".
- Thanks to Murilo Andrade.
-
- *) Change: now when using shared memory in the "ssl_session_cache"
- directive the "could not allocate new session" errors are logged at
- the "warn" level instead of "alert" and not more often than once per
- second.
-
- *) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
-
- *) Bugfix: in logging of the PROXY protocol errors.
- Thanks to Sergey Brester.
-
- *) Workaround: shared memory from the "ssl_session_cache" directive was
- spent on sessions using TLS session tickets when using TLSv1.3 with
- OpenSSL.
-
- *) Workaround: timeout specified with the "ssl_session_timeout"
- directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
-
-
-Changes with nginx 1.23.1 19 Jul 2022
-
- *) Feature: memory usage optimization in configurations with SSL
- proxying.
-
- *) Feature: looking up of IPv4 addresses while resolving now can be
- disabled with the "ipv4=off" parameter of the "resolver" directive.
-
- *) Change: the logging level of the "bad key share", "bad extension",
- "bad cipher", and "bad ecpoint" SSL errors has been lowered from
- "crit" to "info".
-
- *) Bugfix: while returning byte ranges nginx did not remove the
- "Content-Range" header line if it was present in the original backend
- response.
-
- *) Bugfix: a proxied response might be truncated during reconfiguration
- on Linux; the bug had appeared in 1.17.5.
-
-
-Changes with nginx 1.23.0 21 Jun 2022
-
- *) Change in internal API: now header lines are represented as linked
- lists.
-
- *) Change: now nginx combines arbitrary header lines with identical
- names when sending to FastCGI, SCGI, and uwsgi backends, in the
- $r->header_in() method of the ngx_http_perl_module, and during lookup
- of the "$http_...", "$sent_http_...", "$sent_trailer_...",
- "$upstream_http_...", and "$upstream_trailer_..." variables.
-
- *) Bugfix: if there were multiple "Vary" header lines in the backend
- response, nginx only used the last of them when caching.
-
- *) Bugfix: if there were multiple "WWW-Authenticate" header lines in the
- backend response and errors with code 401 were intercepted or the
- "auth_request" directive was used, nginx only sent the first of the
- header lines to the client.
-
- *) Change: the logging level of the "application data after close
- notify" SSL errors has been lowered from "crit" to "info".
-
- *) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or
- newer, but was used on systems without EPOLLRDHUP support, notably
- with epoll emulation layers; the bug had appeared in 1.17.5.
- Thanks to Marcus Ball.
-
- *) Bugfix: nginx did not cache the response if the "Expires" response
- header line disabled caching, but following "Cache-Control" header
- line enabled caching.
-
-
-Changes with nginx 1.21.6 25 Jan 2022
-
- *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
- unevenly distributed among worker processes.
-
- *) Bugfix: nginx returned the "Connection: keep-alive" header line in
- responses during graceful shutdown of old worker processes.
-
- *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
-
-
-Changes with nginx 1.21.5 28 Dec 2021
-
- *) Change: now nginx is built with the PCRE2 library by default.
-
- *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
-
- *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
-
- *) Feature: the $ssl_curve variable.
-
- *) Bugfix: connections might hang when using HTTP/2 without SSL with the
- "sendfile" and "aio" directives.
-
-
-Changes with nginx 1.21.4 02 Nov 2021
-
- *) Change: support for NPN instead of ALPN to establish HTTP/2
- connections has been removed.
-
- *) Change: now nginx rejects SSL connections if ALPN is used by the
- client, but no supported protocols can be negotiated.
-
- *) Change: the default value of the "sendfile_max_chunk" directive was
- changed to 2 megabytes.
-
- *) Feature: the "proxy_half_close" directive in the stream module.
-
- *) Feature: the "ssl_alpn" directive in the stream module.
-
- *) Feature: the $ssl_alpn_protocol variable.
-
- *) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
-
- *) Feature: the "mp4_start_key_frame" directive in the
- ngx_http_mp4_module.
- Thanks to Tracey Jaquith.
-
- *) Bugfix: in the $content_length variable when using chunked transfer
- encoding.
-
- *) Bugfix: after receiving a response with incorrect length from a
- proxied backend nginx might nevertheless cache the connection.
- Thanks to Awdhesh Mathpal.
-
- *) Bugfix: invalid headers from backends were logged at the "info" level
- instead of "error"; the bug had appeared in 1.21.1.
-
- *) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
- directive.
-
-
-Changes with nginx 1.21.3 07 Sep 2021
-
- *) Change: optimization of client request body reading when using
- HTTP/2.
-
- *) Bugfix: in request body filters internal API when using HTTP/2 and
- buffering of the data being processed.
-
-
-Changes with nginx 1.21.2 31 Aug 2021
-
- *) Change: now nginx rejects HTTP/1.0 requests with the
- "Transfer-Encoding" header line.
-
- *) Change: export ciphers are no longer supported.
-
- *) Feature: OpenSSL 3.0 compatibility.
-
- *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
- are now passed to the mail proxy authentication server.
- Thanks to Rob Mueller.
-
- *) Feature: request body filters API now permits buffering of the data
- being processed.
-
- *) Bugfix: backend SSL connections in the stream module might hang after
- an SSL handshake.
-
- *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
- newer, did not affect loading of the server certificates when set
- with "@SECLEVEL=N" in the "ssl_ciphers" directive.
-
- *) Bugfix: SSL connections with gRPC backends might hang if select,
- poll, or /dev/poll methods were used.
-
- *) Bugfix: when using HTTP/2 client request body was always written to
- disk if the "Content-Length" header line was not present in the
- request.
-
-
-Changes with nginx 1.21.1 06 Jul 2021
-
- *) Change: now nginx always returns an error for the CONNECT method.
-
- *) Change: now nginx always returns an error if both "Content-Length"
- and "Transfer-Encoding" header lines are present in the request.
-
- *) Change: now nginx always returns an error if spaces or control
- characters are used in the request line.
-
- *) Change: now nginx always returns an error if spaces or control
- characters are used in a header name.
-
- *) Change: now nginx always returns an error if spaces or control
- characters are used in the "Host" request header line.
-
- *) Change: optimization of configuration testing when using many
- listening sockets.
-
- *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
- and "}" characters when proxying with changed URI.
-
- *) Bugfix: SSL variables might be empty when used in logs; the bug had
- appeared in 1.19.5.
-
- *) Bugfix: keepalive connections with gRPC backends might not be closed
- after receiving a GOAWAY frame.
-
- *) Bugfix: reduced memory consumption for long-lived requests when
- proxying with more than 64 buffers.
-
-
-Changes with nginx 1.21.0 25 May 2021
-
- *) Security: 1-byte memory overwrite might occur during DNS server
- response processing if the "resolver" directive was used, allowing an
- attacker who is able to forge UDP packets from the DNS server to
- cause worker process crash or, potentially, arbitrary code execution
- (CVE-2021-23017).
-
- *) Feature: variables support in the "proxy_ssl_certificate",
- "proxy_ssl_certificate_key" "grpc_ssl_certificate",
- "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
- "uwsgi_ssl_certificate_key" directives.
-
- *) Feature: the "max_errors" directive in the mail proxy module.
-
- *) Feature: the mail proxy module supports POP3 and IMAP pipelining.
-
- *) Feature: the "fastopen" parameter of the "listen" directive in the
- stream module.
- Thanks to Anbang Wen.
-
- *) Bugfix: special characters were not escaped during automatic redirect
- with appended trailing slash.
-
- *) Bugfix: connections with clients in the mail proxy module might be
- closed unexpectedly when using SMTP pipelining.
-
-
-Changes with nginx 1.19.10 13 Apr 2021
-
- *) Change: the default value of the "keepalive_requests" directive was
- changed to 1000.
-
- *) Feature: the "keepalive_time" directive.
-
- *) Feature: the $connection_time variable.
-
- *) Workaround: "gzip filter failed to use preallocated memory" alerts
- appeared in logs when using zlib-ng.
-
-
-Changes with nginx 1.19.9 30 Mar 2021
-
- *) Bugfix: nginx could not be built with the mail proxy module, but
- without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
-
- *) Bugfix: "upstream sent response body larger than indicated content
- length" errors might occur when working with gRPC backends; the bug
- had appeared in 1.19.1.
-
- *) Bugfix: nginx might not close a connection till keepalive timeout
- expiration if the connection was closed by the client while
- discarding the request body.
-
- *) Bugfix: nginx might not detect that a connection was already closed
- by the client when waiting for auth_delay or limit_req delay, or when
- working with backends.
-
- *) Bugfix: in the eventport method.
-
-
-Changes with nginx 1.19.8 09 Mar 2021
-
- *) Feature: flags in the "proxy_cookie_flags" directive can now contain
- variables.
-
- *) Feature: the "proxy_protocol" parameter of the "listen" directive,
- the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
-
- *) Bugfix: HTTP/2 connections were immediately closed when using
- "keepalive_timeout 0"; the bug had appeared in 1.19.7.
-
- *) Bugfix: some errors were logged as unknown if nginx was built with
- glibc 2.32.
-
- *) Bugfix: in the eventport method.
-
-
-Changes with nginx 1.19.7 16 Feb 2021
-
- *) Change: connections handling in HTTP/2 has been changed to better
- match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
- "http2_max_requests" directives have been removed, the
- "keepalive_timeout" and "keepalive_requests" directives should be
- used instead.
-
- *) Change: the "http2_max_field_size" and "http2_max_header_size"
- directives have been removed, the "large_client_header_buffers"
- directive should be used instead.
-
- *) Feature: now, if free worker connections are exhausted, nginx starts
- closing not only keepalive connections, but also connections in
- lingering close.
-
- *) Bugfix: "zero size buf in output" alerts might appear in logs if an
- upstream server returned an incorrect response during unbuffered
- proxying; the bug had appeared in 1.19.1.
-
- *) Bugfix: HEAD requests were handled incorrectly if the "return"
- directive was used with the "image_filter" or "xslt_stylesheet"
- directives.
-
- *) Bugfix: in the "add_trailer" directive.
-
-
-Changes with nginx 1.19.6 15 Dec 2020
-
- *) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
- block was marked as "down".
-
- *) Bugfix: a segmentation fault might occur in a worker process if HTTPS
- was used; the bug had appeared in 1.19.5.
-
- *) Bugfix: nginx returned the 400 response on requests like
- "GET http://example.com?args HTTP/1.0".
-
- *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
- Thanks to Chris Newton.
-
-
-Changes with nginx 1.19.5 24 Nov 2020
-
- *) Feature: the -e switch.
-
- *) Feature: the same source files can now be specified in different
- modules while building addon modules.
-
- *) Bugfix: SSL shutdown did not work when lingering close was used.
-
- *) Bugfix: "upstream sent frame for closed stream" errors might occur
- when working with gRPC backends.
-
- *) Bugfix: in request body filters internal API.
-
-
-Changes with nginx 1.19.4 27 Oct 2020
-
- *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
- "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
-
- *) Feature: the "ssl_reject_handshake" directive.
-
- *) Feature: the "proxy_smtp_auth" directive in mail proxy.
-
-
-Changes with nginx 1.19.3 29 Sep 2020
-
- *) Feature: the ngx_stream_set_module.
-
- *) Feature: the "proxy_cookie_flags" directive.
-
- *) Feature: the "userid_flags" directive.
-
- *) Bugfix: the "stale-if-error" cache control extension was erroneously
- applied if backend returned a response with status code 500, 502,
- 503, 504, 403, 404, or 429.
-
- *) Bugfix: "[crit] cache file ... has too long header" messages might
- appear in logs if caching was used and the backend returned responses
- with the "Vary" header line.
-
- *) Workaround: "[crit] SSL_write() failed" messages might appear in logs
- when using OpenSSL 1.1.1.
-
- *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
- might appear in logs; the bug had appeared in 1.19.2.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2 if errors with code 400 were redirected to a proxied
- location using the "error_page" directive.
-
- *) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
- module.
-
-
-Changes with nginx 1.19.2 11 Aug 2020
-
- *) Change: now nginx starts closing keepalive connections before all
- free worker connections are exhausted, and logs a warning about this
- to the error log.
-
- *) Change: optimization of client request body reading when using
- chunked transfer encoding.
-
- *) Bugfix: memory leak if the "ssl_ocsp" directive was used.
-
- *) Bugfix: "zero size buf in output" alerts might appear in logs if a
- FastCGI server returned an incorrect response; the bug had appeared
- in 1.19.1.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- different large_client_header_buffers sizes were used in different
- virtual servers.
-
- *) Bugfix: SSL shutdown might not work.
-
- *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
- might appear in logs.
-
- *) Bugfix: in the ngx_http_slice_module.
-
- *) Bugfix: in the ngx_http_xslt_filter_module.
-
-
-Changes with nginx 1.19.1 07 Jul 2020
-
- *) Change: the "lingering_close", "lingering_time", and
- "lingering_timeout" directives now work when using HTTP/2.
-
- *) Change: now extra data sent by a backend are always discarded.
-
- *) Change: now after receiving a too short response from a FastCGI
- server nginx tries to send the available part of the response to the
- client, and then closes the client connection.
-
- *) Change: now after receiving a response with incorrect length from a
- gRPC backend nginx stops response processing with an error.
-
- *) Feature: the "min_free" parameter of the "proxy_cache_path",
- "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
- directives.
- Thanks to Adam Bambuch.
-
- *) Bugfix: nginx did not delete unix domain listen sockets during
- graceful shutdown on the SIGQUIT signal.
-
- *) Bugfix: zero length UDP datagrams were not proxied.
-
- *) Bugfix: proxying to uwsgi backends using SSL might not work.
- Thanks to Guanzhong Chen.
-
- *) Bugfix: in error handling when using the "ssl_ocsp" directive.
-
- *) Bugfix: on XFS and NFS file systems disk cache size might be
- calculated incorrectly.
-
- *) Bugfix: "negative size buf in writer" alerts might appear in logs if
- a memcached server returned a malformed response.
-
-
-Changes with nginx 1.19.0 26 May 2020
-
- *) Feature: client certificate validation with OCSP.
-
- *) Bugfix: "upstream sent frame for closed stream" errors might occur
- when working with gRPC backends.
-
- *) Bugfix: OCSP stapling might not work if the "resolver" directive was
- not specified.
-
- *) Bugfix: connections with incorrect HTTP/2 preface were not logged.
-
-
-Changes with nginx 1.17.10 14 Apr 2020
-
- *) Feature: the "auth_delay" directive.
-
-
-Changes with nginx 1.17.9 03 Mar 2020
-
- *) Change: now nginx does not allow several "Host" request header lines.
-
- *) Bugfix: nginx ignored additional "Transfer-Encoding" request header
- lines.
-
- *) Bugfix: socket leak when using HTTP/2.
-
- *) Bugfix: a segmentation fault might occur in a worker process if OCSP
- stapling was used.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
- *) Bugfix: nginx used status code 494 instead of 400 if errors with code
- 494 were redirected with the "error_page" directive.
-
- *) Bugfix: socket leak when using subrequests in the njs module and the
- "aio" directive.
-
-
-Changes with nginx 1.17.8 21 Jan 2020
-
- *) Feature: variables support in the "grpc_pass" directive.
-
- *) Bugfix: a timeout might occur while handling pipelined requests in an
- SSL connection; the bug had appeared in 1.17.5.
-
- *) Bugfix: in the "debug_points" directive when using HTTP/2.
- Thanks to Daniil Bondarev.
-
-
-Changes with nginx 1.17.7 24 Dec 2019
-
- *) Bugfix: a segmentation fault might occur on start or during
- reconfiguration if the "rewrite" directive with an empty replacement
- string was used in the configuration.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "break" directive was used with the "alias" directive or with the
- "proxy_pass" directive with a URI.
-
- *) Bugfix: the "Location" response header line might contain garbage if
- the request URI was rewritten to the one containing a null character.
-
- *) Bugfix: requests with bodies were handled incorrectly when returning
- redirections with the "error_page" directive; the bug had appeared in
- 0.7.12.
-
- *) Bugfix: socket leak when using HTTP/2.
-
- *) Bugfix: a timeout might occur while handling pipelined requests in an
- SSL connection; the bug had appeared in 1.17.5.
-
- *) Bugfix: in the ngx_http_dav_module.
-
-
-Changes with nginx 1.17.6 19 Nov 2019
-
- *) Feature: the $proxy_protocol_server_addr and
- $proxy_protocol_server_port variables.
-
- *) Feature: the "limit_conn_dry_run" directive.
-
- *) Feature: the $limit_req_status and $limit_conn_status variables.
-
-
-Changes with nginx 1.17.5 22 Oct 2019
-
- *) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid
- reading from a fast connection for a long time.
-
- *) Bugfix: incomplete escaped characters at the end of the request URI
- were ignored.
-
- *) Bugfix: "/." and "/.." at the end of the request URI were not
- normalized.
-
- *) Bugfix: in the "merge_slashes" directive.
-
- *) Bugfix: in the "ignore_invalid_headers" directive.
- Thanks to Alan Kemp.
-
- *) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer.
-
-
-Changes with nginx 1.17.4 24 Sep 2019
-
- *) Change: better detection of incorrect client behavior in HTTP/2.
-
- *) Change: in handling of not fully read client request body when
- returning errors in HTTP/2.
-
- *) Bugfix: the "worker_shutdown_timeout" directive might not work when
- using HTTP/2.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2 and the "proxy_request_buffering" directive.
-
- *) Bugfix: the ECONNABORTED error log level was "crit" instead of
- "error" on Windows when using SSL.
-
- *) Bugfix: nginx ignored extra data when using chunked transfer
- encoding.
-
- *) Bugfix: nginx always returned the 500 error if the "return" directive
- was used and an error occurred during reading client request body.
-
- *) Bugfix: in memory allocation error handling.
-
-
-Changes with nginx 1.17.3 13 Aug 2019
-
- *) Security: when using HTTP/2 a client might cause excessive memory
- consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
- CVE-2019-9516).
-
- *) Bugfix: "zero size buf" alerts might appear in logs when using
- gzipping; the bug had appeared in 1.17.2.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "resolver" directive was used in SMTP proxy.
-
-
-Changes with nginx 1.17.2 23 Jul 2019
-
- *) Change: minimum supported zlib version is 1.2.0.4.
- Thanks to Ilya Leoshkevich.
-
- *) Change: the $r->internal_redirect() embedded perl method now expects
- escaped URIs.
-
- *) Feature: it is now possible to switch to a named location using the
- $r->internal_redirect() embedded perl method.
-
- *) Bugfix: in error handling in embedded perl.
-
- *) Bugfix: a segmentation fault might occur on start or during
- reconfiguration if hash bucket size larger than 64 kilobytes was used
- in the configuration.
-
- *) Bugfix: nginx might hog CPU during unbuffered proxying and when
- proxying WebSocket connections if the select, poll, or /dev/poll
- methods were used.
-
- *) Bugfix: in the ngx_http_xslt_filter_module.
-
- *) Bugfix: in the ngx_http_ssi_filter_module.
-
-
-Changes with nginx 1.17.1 25 Jun 2019
-
- *) Feature: the "limit_req_dry_run" directive.
-
- *) Feature: when using the "hash" directive inside the "upstream" block
- an empty hash key now triggers round-robin balancing.
- Thanks to Niklas Keller.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- caching was used along with the "image_filter" directive, and errors
- with code 415 were redirected with the "error_page" directive; the
- bug had appeared in 1.11.10.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- embedded perl was used; the bug had appeared in 1.7.3.
-
-
-Changes with nginx 1.17.0 21 May 2019
-
- *) Feature: variables support in the "limit_rate" and "limit_rate_after"
- directives.
-
- *) Feature: variables support in the "proxy_upload_rate" and
- "proxy_download_rate" directives in the stream module.
-
- *) Change: minimum supported OpenSSL version is 0.9.8.
-
- *) Change: now the postpone filter is always built.
-
- *) Bugfix: the "include" directive did not work inside the "if" and
- "limit_except" blocks.
-
- *) Bugfix: in byte ranges processing.
-
-
-Changes with nginx 1.15.12 16 Apr 2019
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- variables were used in the "ssl_certificate" or "ssl_certificate_key"
- directives and OCSP stapling was enabled.
-
-
-Changes with nginx 1.15.11 09 Apr 2019
-
- *) Bugfix: in the "ssl_stapling_file" directive on Windows.
-
-
-Changes with nginx 1.15.10 26 Mar 2019
-
- *) Change: when using a hostname in the "listen" directive nginx now
- creates listening sockets for all addresses the hostname resolves to
- (previously, only the first address was used).
-
- *) Feature: port ranges in the "listen" directive.
-
- *) Feature: loading of SSL certificates and secret keys from variables.
-
- *) Workaround: the $ssl_server_name variable might be empty when using
- OpenSSL 1.1.1.
-
- *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
- newer; the bug had appeared in 1.15.9.
-
-
-Changes with nginx 1.15.9 26 Feb 2019
-
- *) Feature: variables support in the "ssl_certificate" and
- "ssl_certificate_key" directives.
-
- *) Feature: the "poll" method is now available on Windows when using
- Windows Vista or newer.
-
- *) Bugfix: if the "select" method was used on Windows and an error
- occurred while establishing a backend connection, nginx waited for
- the connection establishment timeout to expire.
-
- *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
- in the stream module worked incorrectly when proxying UDP datagrams.
-
-
-Changes with nginx 1.15.8 25 Dec 2018
-
- *) Feature: the $upstream_bytes_sent variable.
- Thanks to Piotr Sikora.
-
- *) Feature: new directives in vim syntax highlighting scripts.
- Thanks to Gena Makhomed.
-
- *) Bugfix: in the "proxy_cache_background_update" directive.
-
- *) Bugfix: in the "geo" directive when using unix domain listen sockets.
-
- *) Workaround: the "ignoring stale global SSL error ... bad length"
- alerts might appear in logs when using the "ssl_early_data" directive
- with OpenSSL.
-
- *) Bugfix: in nginx/Windows.
-
- *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
-
-
-Changes with nginx 1.15.7 27 Nov 2018
-
- *) Feature: the "proxy_requests" directive in the stream module.
-
- *) Feature: the "delay" parameter of the "limit_req" directive.
- Thanks to Vladislav Shabanov and Peter Shchuchkin.
-
- *) Bugfix: memory leak on errors during reconfiguration.
-
- *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
- $upstream_header_time variables.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- ngx_http_mp4_module was used on 32-bit platforms.
-
-
-Changes with nginx 1.15.6 06 Nov 2018
-
- *) Security: when using HTTP/2 a client might cause excessive memory
- consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
-
- *) Security: processing of a specially crafted mp4 file with the
- ngx_http_mp4_module might result in worker process memory disclosure
- (CVE-2018-16845).
-
- *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
- "grpc_socket_keepalive", "memcached_socket_keepalive",
- "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
-
- *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
- 1.1.1, the TLS 1.3 protocol was always enabled.
-
- *) Bugfix: working with gRPC backends might result in excessive memory
- consumption.
-
-
-Changes with nginx 1.15.5 02 Oct 2018
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
-
- *) Bugfix: of minor potential bugs.
-
-
-Changes with nginx 1.15.4 25 Sep 2018
-
- *) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
-
- *) Bugfix: in the ngx_http_uwsgi_module.
- Thanks to Chris Caputo.
-
- *) Bugfix: connections with some gRPC backends might not be cached when
- using the "keepalive" directive.
-
- *) Bugfix: a socket leak might occur when using the "error_page"
- directive to redirect early request processing errors, notably errors
- with code 400.
-
- *) Bugfix: the "return" directive did not change the response code when
- returning errors if the request was redirected by the "error_page"
- directive.
-
- *) Bugfix: standard error pages and responses of the
- ngx_http_autoindex_module module used the "bgcolor" attribute, and
- might be displayed incorrectly when using custom color settings in
- browsers.
- Thanks to Nova DasSarma.
-
- *) Change: the logging level of the "no suitable key share" and "no
- suitable signature algorithm" SSL errors has been lowered from "crit"
- to "info".
-
-
-Changes with nginx 1.15.3 28 Aug 2018
-
- *) Feature: now TLSv1.3 can be used with BoringSSL.
-
- *) Feature: the "ssl_early_data" directive, currently available with
- BoringSSL.
-
- *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
- in the "upstream" block.
-
- *) Bugfix: the ngx_http_dav_module did not truncate destination file
- when copying a file over an existing one with the COPY method.
-
- *) Bugfix: the ngx_http_dav_module used zero access rights on the
- destination file and did not preserve file modification time when
- moving a file between different file systems with the MOVE method.
-
- *) Bugfix: the ngx_http_dav_module used default access rights when
- copying a file with the COPY method.
-
- *) Workaround: some clients might not work when using HTTP/2; the bug
- had appeared in 1.13.5.
-
- *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
-
-
-Changes with nginx 1.15.2 24 Jul 2018
-
- *) Feature: the $ssl_preread_protocol variable in the
- ngx_stream_ssl_preread_module.
-
- *) Feature: now when using the "reset_timedout_connection" directive
- nginx will reset connections being closed with the 444 code.
-
- *) Change: a logging level of the "http request", "https proxy request",
- "unsupported protocol", and "version too low" SSL errors has been
- lowered from "crit" to "info".
-
- *) Bugfix: DNS requests were not resent if initial sending of a request
- failed.
-
- *) Bugfix: the "reuseport" parameter of the "listen" directive was
- ignored if the number of worker processes was specified after the
- "listen" directive.
-
- *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
- switch off "ssl_prefer_server_ciphers" in a virtual server if it was
- switched on in the default server.
-
- *) Bugfix: SSL session reuse with upstream servers did not work with the
- TLS 1.3 protocol.
-
-
-Changes with nginx 1.15.1 03 Jul 2018
-
- *) Feature: the "random" directive inside the "upstream" block.
-
- *) Feature: improved performance when using the "hash" and "ip_hash"
- directives with the "zone" directive.
-
- *) Feature: the "reuseport" parameter of the "listen" directive now uses
- SO_REUSEPORT_LB on FreeBSD 12.
-
- *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
- proxy server in front of nginx.
-
- *) Bugfix: the "tcp_nopush" directive was always used on backend
- connections.
-
- *) Bugfix: sending a disk-buffered request body to a gRPC backend might
- fail.
-
-
-Changes with nginx 1.15.0 05 Jun 2018
-
- *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
- "listen" directive should be used instead.
-
- *) Change: now nginx detects missing SSL certificates during
- configuration testing when using the "ssl" parameter of the "listen"
- directive.
-
- *) Feature: now the stream module can handle multiple incoming UDP
- datagrams from a client within a single session.
-
- *) Bugfix: it was possible to specify an incorrect response code in the
- "proxy_cache_valid" directive.
-
- *) Bugfix: nginx could not be built by gcc 8.1.
-
- *) Bugfix: logging to syslog stopped on local IP address changes.
-
- *) Bugfix: nginx could not be built by clang with CUDA SDK installed;
- the bug had appeared in 1.13.8.
-
- *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
- in logs during binary upgrade when using unix domain listen sockets
- on FreeBSD.
-
- *) Bugfix: nginx could not be built on Fedora 28 Linux.
-
- *) Bugfix: request processing rate might exceed configured rate when
- using the "limit_req" directive.
-
- *) Bugfix: in handling of client addresses when using unix domain listen
- sockets to work with datagrams on Linux.
-
- *) Bugfix: in memory allocation error handling.
-
-
-Changes with nginx 1.13.12 10 Apr 2018
-
- *) Bugfix: connections with gRPC backends might be closed unexpectedly
- when returning a large response.
-
-
-Changes with nginx 1.13.11 03 Apr 2018
-
- *) Feature: the "proxy_protocol" parameter of the "listen" directive now
- supports the PROXY protocol version 2.
-
- *) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on
- Linux.
-
- *) Bugfix: in the "http_404", "http_500", etc. parameters of the
- "proxy_next_upstream" directive.
-
-
-Changes with nginx 1.13.10 20 Mar 2018
-
- *) Feature: the "set" parameter of the "include" SSI directive now
- allows writing arbitrary responses to a variable; the
- "subrequest_output_buffer_size" directive defines maximum response
- size.
-
- *) Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available,
- to avoid timeouts being incorrectly triggered on system time changes.
-
- *) Feature: the "escape=none" parameter of the "log_format" directive.
- Thanks to Johannes Baiter and Calin Don.
-
- *) Feature: the $ssl_preread_alpn_protocols variable in the
- ngx_stream_ssl_preread_module.
-
- *) Feature: the ngx_http_grpc_module.
-
- *) Bugfix: in memory allocation error handling in the "geo" directive.
-
- *) Bugfix: when using variables in the "auth_basic_user_file" directive
- a null character might appear in logs.
- Thanks to Vadim Filimonov.
-
-
-Changes with nginx 1.13.9 20 Feb 2018
-
- *) Feature: HTTP/2 server push support; the "http2_push" and
- "http2_push_preload" directives.
-
- *) Bugfix: "header already sent" alerts might appear in logs when using
- cache; the bug had appeared in 1.9.13.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "ssl_verify_client" directive was used and no SSL certificate was
- specified in a virtual server.
-
- *) Bugfix: in the ngx_http_v2_module.
-
- *) Bugfix: in the ngx_http_dav_module.
-
-
-Changes with nginx 1.13.8 26 Dec 2017
-
- *) Feature: now nginx automatically preserves the CAP_NET_RAW capability
- in worker processes when using the "transparent" parameter of the
- "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
- "uwsgi_bind" directives.
-
- *) Feature: improved CPU cache line size detection.
- Thanks to Debayan Ghosh.
-
- *) Feature: new directives in vim syntax highlighting scripts.
- Thanks to Gena Makhomed.
-
- *) Bugfix: binary upgrade refused to work if nginx was re-parented to a
- process with PID different from 1 after its parent process has
- finished.
-
- *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests
- with bodies.
-
- *) Bugfix: in the "proxy_limit_rate" directive when used with the
- "keepalive" directive.
-
- *) Bugfix: some parts of a response might be buffered when using
- "proxy_buffering off" if the client connection used SSL.
- Thanks to Patryk Lesiewicz.
-
- *) Bugfix: in the "proxy_cache_background_update" directive.
-
- *) Bugfix: it was not possible to start a parameter with a variable in
- the "${name}" form with the name in curly brackets without enclosing
- the parameter into single or double quotes.
-
-
-Changes with nginx 1.13.7 21 Nov 2017
-
- *) Bugfix: in the $upstream_status variable.
-
- *) Bugfix: a segmentation fault might occur in a worker process if a
- backend returned a "101 Switching Protocols" response to a
- subrequest.
-
- *) Bugfix: a segmentation fault occurred in a master process if a shared
- memory zone size was changed during a reconfiguration and the
- reconfiguration failed.
-
- *) Bugfix: in the ngx_http_fastcgi_module.
-
- *) Bugfix: nginx returned the 500 error if parameters without variables
- were specified in the "xslt_stylesheet" directive.
-
- *) Workaround: "gzip filter failed to use preallocated memory" alerts
- appeared in logs when using a zlib library variant from Intel.
-
- *) Bugfix: the "worker_shutdown_timeout" directive did not work when
- using mail proxy and when proxying WebSocket connections.
-
-
-Changes with nginx 1.13.6 10 Oct 2017
-
- *) Bugfix: switching to the next upstream server in the stream module
- did not work when using the "ssl_preread" directive.
-
- *) Bugfix: in the ngx_http_v2_module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: nginx did not support dates after the year 2038 on 32-bit
- platforms with 64-bit time_t.
-
- *) Bugfix: in handling of dates prior to the year 1970 and after the
- year 10000.
-
- *) Bugfix: in the stream module timeouts waiting for UDP datagrams from
- upstream servers were not logged or logged at the "info" level
- instead of "error".
-
- *) Bugfix: when using HTTP/2 nginx might return the 400 response without
- logging the reason.
-
- *) Bugfix: in processing of corrupted cache files.
-
- *) Bugfix: cache control headers were ignored when caching errors
- intercepted by error_page.
-
- *) Bugfix: when using HTTP/2 client request body might be corrupted.
-
- *) Bugfix: in handling of client addresses when using unix domain
- sockets.
-
- *) Bugfix: nginx hogged CPU when using the "hash ... consistent"
- directive in the upstream block if large weights were used and all or
- most of the servers were unavailable.
-
-
-Changes with nginx 1.13.5 05 Sep 2017
-
- *) Feature: the $ssl_client_escaped_cert variable.
-
- *) Bugfix: the "ssl_session_ticket_key" directive and the "include"
- parameter of the "geo" directive did not work on Windows.
-
- *) Bugfix: incorrect response length was returned on 32-bit platforms
- when requesting more than 4 gigabytes with multiple ranges.
-
- *) Bugfix: the "expires modified" directive and processing of the
- "If-Range" request header line did not use the response last
- modification time if proxying without caching was used.
-
-
-Changes with nginx 1.13.4 08 Aug 2017
-
- *) Feature: the ngx_http_mirror_module.
-
- *) Bugfix: client connections might be dropped during configuration
- testing when using the "reuseport" parameter of the "listen"
- directive on Linux.
-
- *) Bugfix: request body might not be available in subrequests if it was
- saved to a file and proxying was used.
-
- *) Bugfix: cleaning cache based on the "max_size" parameter did not work
- on Windows.
-
- *) Bugfix: any shared memory allocation required 4096 bytes on Windows.
-
- *) Bugfix: nginx worker might be terminated abnormally when using the
- "zone" directive inside the "upstream" block on Windows.
-
-
-Changes with nginx 1.13.3 11 Jul 2017
-
- *) Security: a specially crafted request might result in an integer
- overflow and incorrect processing of ranges in the range filter,
- potentially resulting in sensitive information leak (CVE-2017-7529).
-
-
-Changes with nginx 1.13.2 27 Jun 2017
-
- *) Change: nginx now returns 200 instead of 416 when a range starting
- with 0 is requested from an empty file.
-
- *) Feature: the "add_trailer" directive.
- Thanks to Piotr Sikora.
-
- *) Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had
- appeared in 1.13.0.
-
- *) Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
- Thanks to Orgad Shaneh.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using SSI with many includes and proxy_pass with variables.
-
- *) Bugfix: in the ngx_http_v2_module.
- Thanks to Piotr Sikora.
-
-
-Changes with nginx 1.13.1 30 May 2017
-
- *) Feature: now a hostname can be used as the "set_real_ip_from"
- directive parameter.
-
- *) Feature: vim syntax highlighting scripts improvements.
-
- *) Feature: the "worker_cpu_affinity" directive now works on DragonFly
- BSD.
- Thanks to Sepherosa Ziehau.
-
- *) Bugfix: SSL renegotiation on backend connections did not work when
- using OpenSSL before 1.1.0.
-
- *) Workaround: nginx could not be built with Oracle Developer Studio
- 12.5.
-
- *) Workaround: now cache manager ignores long locked cache entries when
- cleaning cache based on the "max_size" parameter.
-
- *) Bugfix: client SSL connections were immediately closed if deferred
- accept and the "proxy_protocol" parameter of the "listen" directive
- were used.
-
- *) Bugfix: in the "proxy_cache_background_update" directive.
-
- *) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY
- option before an SSL handshake.
-
-
-Changes with nginx 1.13.0 25 Apr 2017
-
- *) Change: SSL renegotiation is now allowed on backend connections.
-
- *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
- directives of the mail proxy and stream modules.
-
- *) Feature: the "return" and "error_page" directives can now be used to
- return 308 redirections.
- Thanks to Simon Leblanc.
-
- *) Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.
-
- *) Feature: when logging signals nginx now logs PID of the process which
- sent the signal.
-
- *) Bugfix: in memory allocation error handling.
-
- *) Bugfix: if a server in the stream module listened on a wildcard
- address, the source address of a response UDP datagram could differ
- from the original datagram destination address.
-
-
-Changes with nginx 1.11.13 04 Apr 2017
-
- *) Feature: the "http_429" parameter of the "proxy_next_upstream",
- "fastcgi_next_upstream", "scgi_next_upstream", and
- "uwsgi_next_upstream" directives.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in memory allocation error handling.
-
- *) Bugfix: requests might hang when using the "sendfile" and
- "timer_resolution" directives on Linux.
-
- *) Bugfix: requests might hang when using the "sendfile" and "aio_write"
- directives with subrequests.
-
- *) Bugfix: in the ngx_http_v2_module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2.
-
- *) Bugfix: requests might hang when using the "limit_rate",
- "sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
- embedded perl method with subrequests.
-
- *) Bugfix: in the ngx_http_slice_module.
-
-
-Changes with nginx 1.11.12 24 Mar 2017
-
- *) Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
-
-
-Changes with nginx 1.11.11 21 Mar 2017
-
- *) Feature: the "worker_shutdown_timeout" directive.
-
- *) Feature: vim syntax highlighting scripts improvements.
- Thanks to Wei-Ko Kao.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- $limit_rate variable was set to an empty string.
-
- *) Bugfix: the "proxy_cache_background_update",
- "fastcgi_cache_background_update", "scgi_cache_background_update",
- and "uwsgi_cache_background_update" directives might work incorrectly
- if the "if" directive was used.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- number of large_client_header_buffers in a virtual server was
- different from the one in the default server.
-
- *) Bugfix: in the mail proxy server.
-
-
-Changes with nginx 1.11.10 14 Feb 2017
-
- *) Change: cache header format has been changed, previously cached
- responses will be invalidated.
-
- *) Feature: support of "stale-while-revalidate" and "stale-if-error"
- extensions in the "Cache-Control" backend response header line.
-
- *) Feature: the "proxy_cache_background_update",
- "fastcgi_cache_background_update", "scgi_cache_background_update",
- and "uwsgi_cache_background_update" directives.
-
- *) Feature: nginx is now able to cache responses with the "Vary" header
- line up to 128 characters long (instead of 42 characters in previous
- versions).
-
- *) Feature: the "build" parameter of the "server_tokens" directive.
- Thanks to Tom Thorogood.
-
- *) Bugfix: "[crit] SSL_write() failed" messages might appear in logs
- when handling requests with the "Expect: 100-continue" request header
- line.
-
- *) Bugfix: the ngx_http_slice_module did not work in named locations.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using AIO after an "X-Accel-Redirect" redirection.
-
- *) Bugfix: reduced memory consumption for long-lived requests using
- gzipping.
-
-
-Changes with nginx 1.11.9 24 Jan 2017
-
- *) Bugfix: nginx might hog CPU when using the stream module; the bug had
- appeared in 1.11.5.
-
- *) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
- even if it was not enabled in the configuration.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "ssl_verify_client" directive of the stream module was used.
-
- *) Bugfix: the "ssl_verify_client" directive of the stream module might
- not work.
-
- *) Bugfix: closing keepalive connections due to no free worker
- connections might be too aggressive.
- Thanks to Joel Cunningham.
-
- *) Bugfix: an incorrect response might be returned when using the
- "sendfile" directive on FreeBSD and macOS; the bug had appeared in
- 1.7.8.
-
- *) Bugfix: a truncated response might be stored in cache when using the
- "aio_write" directive.
-
- *) Bugfix: a socket leak might occur when using the "aio_write"
- directive.
-
-
-Changes with nginx 1.11.8 27 Dec 2016
-
- *) Feature: the "absolute_redirect" directive.
-
- *) Feature: the "escape" parameter of the "log_format" directive.
-
- *) Feature: client SSL certificates verification in the stream module.
-
- *) Feature: the "ssl_session_ticket_key" directive supports AES256
- encryption of TLS session tickets when used with 80-byte keys.
-
- *) Feature: vim-commentary support in vim scripts.
- Thanks to Armin Grodon.
-
- *) Bugfix: recursion when evaluating variables was not limited.
-
- *) Bugfix: in the ngx_stream_ssl_preread_module.
-
- *) Bugfix: if a server in an upstream in the stream module failed, it
- was considered alive only when a test connection sent to it after
- fail_timeout was closed; now a successfully established connection is
- enough.
-
- *) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.
-
- *) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
-
-
-Changes with nginx 1.11.7 13 Dec 2016
-
- *) Change: now in case of a client certificate verification error the
- $ssl_client_verify variable contains a string with the failure
- reason, for example, "FAILED:certificate has expired".
-
- *) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
- $ssl_client_v_end, and $ssl_client_v_remain variables.
-
- *) Feature: the "volatile" parameter of the "map" directive.
-
- *) Bugfix: dependencies specified for a module were ignored while
- building dynamic modules.
-
- *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
- directives client request body might be corrupted; the bug had
- appeared in 1.11.0.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2; the bug had appeared in 1.11.3.
-
- *) Bugfix: in the ngx_http_mp4_module.
- Thanks to Congcong Hu.
-
- *) Bugfix: in the ngx_http_perl_module.
-
-
-Changes with nginx 1.11.6 15 Nov 2016
-
- *) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables
- has been changed to follow RFC 2253 (RFC 4514); values in the old
- format are available in the $ssl_client_s_dn_legacy and
- $ssl_client_i_dn_legacy variables.
-
- *) Change: when storing temporary files in a cache directory they will
- be stored in the same subdirectories as corresponding cache files
- instead of a separate subdirectory for temporary files.
-
- *) Feature: EXTERNAL authentication mechanism support in mail proxy.
- Thanks to Robert Norris.
-
- *) Feature: WebP support in the ngx_http_image_filter_module.
-
- *) Feature: variables support in the "proxy_method" directive.
- Thanks to Dmitry Lazurkin.
-
- *) Feature: the "http2_max_requests" directive in the
- ngx_http_v2_module.
-
- *) Feature: the "proxy_cache_max_range_offset",
- "fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and
- "uwsgi_cache_max_range_offset" directives.
-
- *) Bugfix: graceful shutdown of old worker processes might require
- infinite time when using HTTP/2.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
- *) Bugfix: "ignore long locked inactive cache entry" alerts might appear
- in logs when proxying WebSocket connections with caching enabled.
-
- *) Bugfix: nginx did not write anything to log and returned a response
- with code 502 instead of 504 when a timeout occurred during an SSL
- handshake to a backend.
-
-
-Changes with nginx 1.11.5 11 Oct 2016
-
- *) Change: the --with-ipv6 configure option was removed, now IPv6
- support is configured automatically.
-
- *) Change: now if there are no available servers in an upstream, nginx
- will not reset number of failures of all servers as it previously
- did, but will wait for fail_timeout to expire.
-
- *) Feature: the ngx_stream_ssl_preread_module.
-
- *) Feature: the "server" directive in the "upstream" context supports
- the "max_conns" parameter.
-
- *) Feature: the --with-compat configure option.
-
- *) Feature: "manager_files", "manager_threshold", and "manager_sleep"
- parameters of the "proxy_cache_path", "fastcgi_cache_path",
- "scgi_cache_path", and "uwsgi_cache_path" directives.
-
- *) Bugfix: flags passed by the --with-ld-opt configure option were not
- used while building perl module.
-
- *) Bugfix: in the "add_after_body" directive when used with the
- "sub_filter" directive.
-
- *) Bugfix: in the $realip_remote_addr variable.
-
- *) Bugfix: the "dav_access", "proxy_store_access",
- "fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access"
- directives ignored permissions specified for user.
-
- *) Bugfix: unix domain listen sockets might not be inherited during
- binary upgrade on Linux.
-
- *) Bugfix: nginx returned the 400 response on requests with the "-"
- character in the HTTP method.
-
-
-Changes with nginx 1.11.4 13 Sep 2016
-
- *) Feature: the $upstream_bytes_received variable.
-
- *) Feature: the $bytes_received, $session_time, $protocol, $status,
- $upstream_addr, $upstream_bytes_sent, $upstream_bytes_received,
- $upstream_connect_time, $upstream_first_byte_time, and
- $upstream_session_time variables in the stream module.
-
- *) Feature: the ngx_stream_log_module.
-
- *) Feature: the "proxy_protocol" parameter of the "listen" directive,
- the $proxy_protocol_addr and $proxy_protocol_port variables in the
- stream module.
-
- *) Feature: the ngx_stream_realip_module.
-
- *) Bugfix: nginx could not be built with the stream module and the
- ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had
- appeared in 1.11.3.
-
- *) Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the
- bug had appeared in 1.11.2.
-
- *) Bugfix: in the "ranges" parameter of the "geo" directive.
-
- *) Bugfix: an incorrect response might be returned when using the "aio
- threads" and "sendfile" directives; the bug had appeared in 1.9.13.
-
-
-Changes with nginx 1.11.3 26 Jul 2016
-
- *) Change: now the "accept_mutex" directive is turned off by default.
-
- *) Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
-
- *) Feature: the ngx_stream_geo_module.
-
- *) Feature: the ngx_stream_geoip_module.
-
- *) Feature: the ngx_stream_split_clients_module.
-
- *) Feature: variables support in the "proxy_pass" and "proxy_ssl_name"
- directives in the stream module.
-
- *) Bugfix: socket leak when using HTTP/2.
-
- *) Bugfix: in configure tests.
- Thanks to Piotr Sikora.
-
-
-Changes with nginx 1.11.2 05 Jul 2016
-
- *) Change: now nginx always uses internal MD5 and SHA1 implementations;
- the --with-md5 and --with-sha1 configure options were canceled.
-
- *) Feature: variables support in the stream module.
-
- *) Feature: the ngx_stream_map_module.
-
- *) Feature: the ngx_stream_return_module.
-
- *) Feature: a port can be specified in the "proxy_bind", "fastcgi_bind",
- "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
-
- *) Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option
- when available.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2 and the "proxy_request_buffering" directive.
-
- *) Bugfix: the "Content-Length" request header line was always added to
- requests passed to backends, including requests without body, when
- using HTTP/2.
-
- *) Bugfix: "http request count is zero" alerts might appear in logs when
- using HTTP/2.
-
- *) Bugfix: unnecessary buffering might occur when using the "sub_filter"
- directive; the issue had appeared in 1.9.4.
-
-
-Changes with nginx 1.11.1 31 May 2016
-
- *) Security: a segmentation fault might occur in a worker process while
- writing a specially crafted request body to a temporary file
- (CVE-2016-4450); the bug had appeared in 1.3.9.
-
-
-Changes with nginx 1.11.0 24 May 2016
-
- *) Feature: the "transparent" parameter of the "proxy_bind",
- "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind"
- directives.
-
- *) Feature: the $request_id variable.
-
- *) Feature: the "map" directive supports combinations of multiple
- variables as resulting values.
-
- *) Feature: now nginx checks if EPOLLRDHUP events are supported by
- kernel, and optimizes connection handling accordingly if the "epoll"
- method is used.
-
- *) Feature: the "ssl_certificate" and "ssl_certificate_key" directives
- can be specified multiple times to load certificates of different
- types (for example, RSA and ECDSA).
-
- *) Feature: the "ssl_ecdh_curve" directive now allows specifying a list
- of curves when using OpenSSL 1.0.2 or newer; by default a list built
- into OpenSSL is used.
-
- *) Change: to use DHE ciphers it is now required to specify parameters
- using the "ssl_dhparam" directive.
-
- *) Feature: the $proxy_protocol_port variable.
-
- *) Feature: the $realip_remote_port variable in the
- ngx_http_realip_module.
-
- *) Feature: the ngx_http_realip_module is now able to set the client
- port in addition to the address.
-
- *) Change: the "421 Misdirected Request" response now used when
- rejecting requests to a virtual server different from one negotiated
- during an SSL handshake; this improves interoperability with some
- HTTP/2 clients when using client certificates.
-
- *) Change: HTTP/2 clients can now start sending request body
- immediately; the "http2_body_preread_size" directive controls size of
- the buffer used before nginx will start reading client request body.
-
- *) Bugfix: cached error responses were not updated when using the
- "proxy_cache_bypass" directive.
-
-
-Changes with nginx 1.9.15 19 Apr 2016
-
- *) Bugfix: "recv() failed" errors might occur when using HHVM as a
- FastCGI server.
-
- *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
- directives a timeout or a "client violated flow control" error might
- occur while reading client request body; the bug had appeared in
- 1.9.14.
-
- *) Workaround: a response might not be shown by some browsers if HTTP/2
- was used and client request body was not fully read; the bug had
- appeared in 1.9.14.
-
- *) Bugfix: connections might hang when using the "aio threads"
- directive.
- Thanks to Mindaugas Rasiukevicius.
-
-
-Changes with nginx 1.9.14 05 Apr 2016
-
- *) Feature: OpenSSL 1.1.0 compatibility.
-
- *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
- "scgi_request_buffering", and "uwsgi_request_buffering" directives
- now work with HTTP/2.
-
- *) Bugfix: "zero size buf in output" alerts might appear in logs when
- using HTTP/2.
-
- *) Bugfix: the "client_max_body_size" directive might work incorrectly
- when using HTTP/2.
-
- *) Bugfix: of minor bugs in logging.
-
-
-Changes with nginx 1.9.13 29 Mar 2016
-
- *) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
- passed to the next server by default if a request has been sent to a
- backend; the "non_idempotent" parameter of the "proxy_next_upstream"
- directive explicitly allows retrying such requests.
-
- *) Feature: the ngx_http_perl_module can be built dynamically.
-
- *) Feature: UDP support in the stream module.
-
- *) Feature: the "aio_write" directive.
-
- *) Feature: now cache manager monitors number of elements in caches and
- tries to avoid cache keys zone overflows.
-
- *) Bugfix: "task already active" and "second aio post" alerts might
- appear in logs when using the "sendfile" and "aio" directives with
- subrequests.
-
- *) Bugfix: "zero size buf in output" alerts might appear in logs if
- caching was used and a client closed a connection prematurely.
-
- *) Bugfix: connections with clients might be closed needlessly if
- caching was used.
- Thanks to Justin Li.
-
- *) Bugfix: nginx might hog CPU if the "sendfile" directive was used on
- Linux or Solaris and a file being sent was changed during sending.
-
- *) Bugfix: connections might hang when using the "sendfile" and "aio
- threads" directives.
-
- *) Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
- "uwsgi_pass" directives when using variables.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the ngx_http_sub_filter_module.
-
- *) Bugfix: if an error occurred in a cached backend connection, the
- request was passed to the next server regardless of the
- proxy_next_upstream directive.
-
- *) Bugfix: "CreateFile() failed" errors when creating temporary files on
- Windows.
-
-
-Changes with nginx 1.9.12 24 Feb 2016
-
- *) Feature: Huffman encoding of response headers in HTTP/2.
- Thanks to Vlad Krasnov.
-
- *) Feature: the "worker_cpu_affinity" directive now supports more than
- 64 CPUs.
-
- *) Bugfix: compatibility with 3rd party C++ modules; the bug had
- appeared in 1.9.11.
- Thanks to Piotr Sikora.
-
- *) Bugfix: nginx could not be built statically with OpenSSL on Linux;
- the bug had appeared in 1.9.11.
-
- *) Bugfix: the "add_header ... always" directive with an empty value did
- not delete "Last-Modified" and "ETag" header lines from error
- responses.
-
- *) Workaround: "called a function you should not call" and "shutdown
- while in init" messages might appear in logs when using OpenSSL
- 1.0.2f.
-
- *) Bugfix: invalid headers might be logged incorrectly.
-
- *) Bugfix: socket leak when using HTTP/2.
-
- *) Bugfix: in the ngx_http_v2_module.
-
-
-Changes with nginx 1.9.11 09 Feb 2016
-
- *) Feature: TCP support in resolver.
-
- *) Feature: dynamic modules.
-
- *) Bugfix: the $request_length variable did not include size of request
- headers when using HTTP/2.
-
- *) Bugfix: in the ngx_http_v2_module.
-
-
-Changes with nginx 1.9.10 26 Jan 2016
-
- *) Security: invalid pointer dereference might occur during DNS server
- response processing if the "resolver" directive was used, allowing an
- attacker who is able to forge UDP packets from the DNS server to
- cause segmentation fault in a worker process (CVE-2016-0742).
-
- *) Security: use-after-free condition might occur during CNAME response
- processing if the "resolver" directive was used, allowing an attacker
- who is able to trigger name resolution to cause segmentation fault in
- a worker process, or might have potential other impact
- (CVE-2016-0746).
-
- *) Security: CNAME resolution was insufficiently limited if the
- "resolver" directive was used, allowing an attacker who is able to
- trigger arbitrary name resolution to cause excessive resource
- consumption in worker processes (CVE-2016-0747).
-
- *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.
-
- *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
- not work with IPv6 listen sockets.
-
- *) Bugfix: connections to upstream servers might be cached incorrectly
- when using the "keepalive" directive.
-
- *) Bugfix: proxying used the HTTP method of the original request after
- an "X-Accel-Redirect" redirection.
-
-
-Changes with nginx 1.9.9 09 Dec 2015
-
- *) Bugfix: proxying to unix domain sockets did not work when using
- variables; the bug had appeared in 1.9.8.
-
-
-Changes with nginx 1.9.8 08 Dec 2015
-
- *) Feature: pwritev() support.
-
- *) Feature: the "include" directive inside the "upstream" block.
-
- *) Feature: the ngx_http_slice_module.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using LibreSSL; the bug had appeared in 1.9.6.
-
- *) Bugfix: nginx could not be built on OS X in some cases.
-
-
-Changes with nginx 1.9.7 17 Nov 2015
-
- *) Feature: the "nohostname" parameter of logging to syslog.
-
- *) Feature: the "proxy_cache_convert_head" directive.
-
- *) Feature: the $realip_remote_addr variable in the
- ngx_http_realip_module.
-
- *) Bugfix: the "expires" directive might not work when using variables.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2; the bug had appeared in 1.9.6.
-
- *) Bugfix: if nginx was built with the ngx_http_v2_module it was
- possible to use the HTTP/2 protocol even if the "http2" parameter of
- the "listen" directive was not specified.
-
- *) Bugfix: in the ngx_http_v2_module.
-
-
-Changes with nginx 1.9.6 27 Oct 2015
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using HTTP/2.
- Thanks to Piotr Sikora and Denis Andzakovic.
-
- *) Bugfix: the $server_protocol variable was empty when using HTTP/2.
-
- *) Bugfix: backend SSL connections in the stream module might be timed
- out unexpectedly.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- different ssl_session_cache settings were used in different virtual
- servers.
-
- *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
- appeared in 1.9.4.
- Thanks to Kouhei Sutou.
-
- *) Bugfix: time was not updated when the timer_resolution directive was
- used on Windows.
-
- *) Miscellaneous minor fixes and improvements.
- Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.
-
-
-Changes with nginx 1.9.5 22 Sep 2015
-
- *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
- Thanks to Dropbox and Automattic for sponsoring this work.
-
- *) Change: now the "output_buffers" directive uses two buffers by
- default.
-
- *) Change: now nginx limits subrequests recursion, not simultaneous
- subrequests.
-
- *) Change: now nginx checks the whole cache key when returning a
- response from cache.
- Thanks to Gena Makhomed and Sergey Brester.
-
- *) Bugfix: "header already sent" alerts might appear in logs when using
- cache; the bug had appeared in 1.7.5.
-
- *) Bugfix: "writev() failed (4: Interrupted system call)" errors might
- appear in logs when using CephFS and the "timer_resolution" directive
- on Linux.
-
- *) Bugfix: in invalid configurations handling.
- Thanks to Markus Linnala.
-
- *) Bugfix: a segmentation fault occurred in a worker process if the
- "sub_filter" directive was used at http level; the bug had appeared
- in 1.9.4.
-
-
-Changes with nginx 1.9.4 18 Aug 2015
-
- *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
- directives of the stream module are replaced with the
- "proxy_buffer_size" directive.
-
- *) Feature: the "tcp_nodelay" directive in the stream module.
-
- *) Feature: multiple "sub_filter" directives can be used simultaneously.
-
- *) Feature: variables support in the search string of the "sub_filter"
- directive.
-
- *) Workaround: configuration testing might fail under Linux OpenVZ.
- Thanks to Gena Makhomed.
-
- *) Bugfix: old worker processes might hog CPU after reconfiguration with
- a large number of worker_connections.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "try_files" and "alias" directives were used inside a location given
- by a regular expression; the bug had appeared in 1.7.1.
-
- *) Bugfix: the "try_files" directive inside a nested location given by a
- regular expression worked incorrectly if the "alias" directive was
- used in the outer location.
-
- *) Bugfix: in hash table initialization error handling.
-
- *) Bugfix: nginx could not be built with Visual Studio 2015.
-
-
-Changes with nginx 1.9.3 14 Jul 2015
-
- *) Change: duplicate "http", "mail", and "stream" blocks are now
- disallowed.
-
- *) Feature: connection limiting in the stream module.
-
- *) Feature: data rate limiting in the stream module.
-
- *) Bugfix: the "zone" directive inside the "upstream" block did not work
- on Windows.
-
- *) Bugfix: compatibility with LibreSSL in the stream module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the "--builddir" configure parameter.
- Thanks to Piotr Sikora.
-
- *) Bugfix: the "ssl_stapling_file" directive did not work; the bug had
- appeared in 1.9.2.
- Thanks to Faidon Liambotis and Brandon Black.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "ssl_stapling" directive was used; the bug had appeared in 1.9.2.
- Thanks to Matthew Baldwin.
-
-
-Changes with nginx 1.9.2 16 Jun 2015
-
- *) Feature: the "backlog" parameter of the "listen" directives of the
- mail proxy and stream modules.
-
- *) Feature: the "allow" and "deny" directives in the stream module.
-
- *) Feature: the "proxy_bind" directive in the stream module.
-
- *) Feature: the "proxy_protocol" directive in the stream module.
-
- *) Feature: the -T switch.
-
- *) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
- fastcgi_params, scgi_params, and uwsgi_params standard configuration
- files.
-
- *) Bugfix: the "reuseport" parameter of the "listen" directive of the
- stream module did not work.
-
- *) Bugfix: OCSP stapling might return an expired OCSP response in some
- cases.
-
-
-Changes with nginx 1.9.1 26 May 2015
-
- *) Change: now SSLv3 protocol is disabled by default.
-
- *) Change: some long deprecated directives are not supported anymore.
-
- *) Feature: the "reuseport" parameter of the "listen" directive.
- Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
-
- *) Feature: the $upstream_connect_time variable.
-
- *) Bugfix: in the "hash" directive on big-endian platforms.
-
- *) Bugfix: nginx might fail to start on some old Linux variants; the bug
- had appeared in 1.7.11.
-
- *) Bugfix: in IP address parsing.
- Thanks to Sergey Polovko.
-
-
-Changes with nginx 1.9.0 28 Apr 2015
-
- *) Change: obsolete aio and rtsig event methods have been removed.
-
- *) Feature: the "zone" directive inside the "upstream" block.
-
- *) Feature: the stream module.
-
- *) Feature: byte ranges support in the ngx_http_memcached_module.
- Thanks to Martin Mlynář.
-
- *) Feature: shared memory can now be used on Windows versions with
- address space layout randomization.
- Thanks to Sergey Brester.
-
- *) Feature: the "error_log" directive can now be used on mail and server
- levels in mail proxy.
-
- *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
- not work if not specified in the first "listen" directive for a
- listen socket.
-
-
-Changes with nginx 1.7.12 07 Apr 2015
-
- *) Feature: now the "tcp_nodelay" directive works with backend SSL
- connections.
-
- *) Feature: now thread pools can be used to read cache file headers.
-
- *) Bugfix: in the "proxy_request_buffering" directive.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- using thread pools on Linux.
-
- *) Bugfix: in error handling when using the "ssl_stapling" directive.
- Thanks to Filipe da Silva.
-
- *) Bugfix: in the ngx_http_spdy_module.
-
-
-Changes with nginx 1.7.11 24 Mar 2015
-
- *) Change: the "sendfile" parameter of the "aio" directive is
- deprecated; now nginx automatically uses AIO to pre-load data for
- sendfile if both "aio" and "sendfile" directives are used.
-
- *) Feature: experimental thread pools support.
-
- *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
- "scgi_request_buffering", and "uwsgi_request_buffering" directives.
-
- *) Feature: request body filters experimental API.
-
- *) Feature: client SSL certificates support in mail proxy.
- Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva.
-
- *) Feature: startup speedup when using the "hash ... consistent"
- directive in the upstream block.
- Thanks to Wai Keen Woon.
-
- *) Feature: debug logging into a cyclic memory buffer.
-
- *) Bugfix: in hash table handling.
- Thanks to Chris West.
-
- *) Bugfix: in the "proxy_cache_revalidate" directive.
-
- *) Bugfix: SSL connections might hang if deferred accept or the
- "proxy_protocol" parameter of the "listen" directive were used.
- Thanks to James Hamlin.
-
- *) Bugfix: the $upstream_response_time variable might contain a wrong
- value if the "image_filter" directive was used.
-
- *) Bugfix: in integer overflow handling.
- Thanks to Régis Leroy.
-
- *) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
-
- *) Bugfix: the "ignoring stale global SSL error ... called a function
- you should not call" alerts appeared in logs when using LibreSSL.
-
- *) Bugfix: certificates specified by the "ssl_client_certificate" and
- "ssl_trusted_certificate" directives were inadvertently used to
- automatically construct certificate chains.
-
-
-Changes with nginx 1.7.10 10 Feb 2015
-
- *) Feature: the "use_temp_path" parameter of the "proxy_cache_path",
- "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
- directives.
-
- *) Feature: the $upstream_header_time variable.
-
- *) Workaround: now on disk overflow nginx tries to write error logs once
- a second only.
-
- *) Bugfix: the "try_files" directive did not ignore normal files while
- testing directories.
- Thanks to Damien Tournoud.
-
- *) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
- used on OS X; the bug had appeared in 1.7.8.
-
- *) Bugfix: alerts "sem_post() failed" might appear in logs.
-
- *) Bugfix: nginx could not be built with musl libc.
- Thanks to James Taylor.
-
- *) Bugfix: nginx could not be built on Tru64 UNIX.
- Thanks to Goetz T. Fischer.
-
-
-Changes with nginx 1.7.9 23 Dec 2014
-
- *) Feature: variables support in the "proxy_cache", "fastcgi_cache",
- "scgi_cache", and "uwsgi_cache" directives.
-
- *) Feature: variables support in the "expires" directive.
-
- *) Feature: loading of secret keys from hardware tokens with OpenSSL
- engines.
- Thanks to Dmitrii Pichulin.
-
- *) Feature: the "autoindex_format" directive.
-
- *) Bugfix: cache revalidation is now only used for responses with 200
- and 206 status codes.
- Thanks to Piotr Sikora.
-
- *) Bugfix: the "TE" client request header line was passed to backends
- while proxying.
-
- *) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
- "uwsgi_pass" directives might not work correctly inside the "if" and
- "limit_except" blocks.
-
- *) Bugfix: the "proxy_store" directive with the "on" parameter was
- ignored if the "proxy_store" directive with an explicitly specified
- file path was used on a previous level.
-
- *) Bugfix: nginx could not be built with BoringSSL.
- Thanks to Lukas Tribus.
-
-
-Changes with nginx 1.7.8 02 Dec 2014
-
- *) Change: now the "If-Modified-Since", "If-Range", etc. client request
- header lines are passed to a backend while caching if nginx knows in
- advance that the response will not be cached (e.g., when using
- proxy_cache_min_uses).
-
- *) Change: now after proxy_cache_lock_timeout nginx sends a request to a
- backend with caching disabled; the new directives
- "proxy_cache_lock_age", "fastcgi_cache_lock_age",
- "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
- after which the lock will be released and another attempt to cache a
- response will be made.
-
- *) Change: the "log_format" directive can now be used only at http
- level.
-
- *) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
- "proxy_ssl_password_file", "uwsgi_ssl_certificate",
- "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
- directives.
- Thanks to Piotr Sikora.
-
- *) Feature: it is now possible to switch to a named location using
- "X-Accel-Redirect".
- Thanks to Toshikuni Fukaya.
-
- *) Feature: now the "tcp_nodelay" directive works with SPDY connections.
-
- *) Feature: new directives in vim syntax highliting scripts.
- Thanks to Peter Wu.
-
- *) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
- backend response header line.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the ngx_http_spdy_module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the "ssl_password_file" directive when using OpenSSL
- 0.9.8zc, 1.0.0o, 1.0.1j.
-
- *) Bugfix: alerts "header already sent" appeared in logs if the
- "post_action" directive was used; the bug had appeared in 1.5.4.
-
- *) Bugfix: alerts "the http output chain is empty" might appear in logs
- if the "postpone_output 0" directive was used with SSI includes.
-
- *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
- Thanks to Yichun Zhang.
-
-
-Changes with nginx 1.7.7 28 Oct 2014
-
- *) Change: now nginx takes into account the "Vary" header line in a
- backend response while caching.
-
- *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
- "scgi_force_ranges", and "uwsgi_force_ranges" directives.
-
- *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
- "scgi_limit_rate", and "uwsgi_limit_rate" directives.
-
- *) Feature: the "Vary" parameter of the "proxy_ignore_headers",
- "fastcgi_ignore_headers", "scgi_ignore_headers", and
- "uwsgi_ignore_headers" directives.
-
- *) Bugfix: the last part of a response received from a backend with
- unbufferred proxy might not be sent to a client if "gzip" or "gunzip"
- directives were used.
-
- *) Bugfix: in the "proxy_cache_revalidate" directive.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in error handling.
- Thanks to Yichun Zhang and Daniil Bondarev.
-
- *) Bugfix: in the "proxy_next_upstream_tries" and
- "proxy_next_upstream_timeout" directives.
- Thanks to Feng Gu.
-
- *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.
- Thanks to Kouhei Sutou.
-
-
-Changes with nginx 1.7.6 30 Sep 2014
-
- *) Change: the deprecated "limit_zone" directive is not supported
- anymore.
-
- *) Feature: the "limit_conn_zone" and "limit_req_zone" directives now
- can be used with combinations of multiple variables.
-
- *) Bugfix: request body might be transmitted incorrectly when retrying a
- FastCGI request to the next upstream server.
-
- *) Bugfix: in logging to syslog.
-
-
-Changes with nginx 1.7.5 16 Sep 2014
-
- *) Security: it was possible to reuse SSL sessions in unrelated contexts
- if a shared SSL session cache or the same TLS session ticket key was
- used for multiple "server" blocks (CVE-2014-3616).
- Thanks to Antoine Delignat-Lavaud.
-
- *) Change: now the "stub_status" directive does not require a parameter.
-
- *) Feature: the "always" parameter of the "add_header" directive.
-
- *) Feature: the "proxy_next_upstream_tries",
- "proxy_next_upstream_timeout", "fastcgi_next_upstream_tries",
- "fastcgi_next_upstream_timeout", "memcached_next_upstream_tries",
- "memcached_next_upstream_timeout", "scgi_next_upstream_tries",
- "scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and
- "uwsgi_next_upstream_timeout" directives.
-
- *) Bugfix: in the "if" parameter of the "access_log" directive.
-
- *) Bugfix: in the ngx_http_perl_module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: the "listen" directive of the mail proxy module did not allow
- to specify more than two parameters.
-
- *) Bugfix: the "sub_filter" directive did not work with a string to
- replace consisting of a single character.
-
- *) Bugfix: requests might hang if resolver was used and a timeout
- occurred during a DNS request.
-
- *) Bugfix: in the ngx_http_spdy_module when using with AIO.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "set" directive was used to change the "$http_...", "$sent_http_...",
- or "$upstream_http_..." variables.
-
- *) Bugfix: in memory allocation error handling.
- Thanks to Markus Linnala and Feng Gu.
-
-
-Changes with nginx 1.7.4 05 Aug 2014
-
- *) Security: pipelined commands were not discarded after STARTTLS
- command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
- Thanks to Chris Boulton.
-
- *) Change: URI escaping now uses uppercase hexadecimal digits.
- Thanks to Piotr Sikora.
-
- *) Feature: now nginx can be build with BoringSSL and LibreSSL.
- Thanks to Piotr Sikora.
-
- *) Bugfix: requests might hang if resolver was used and a DNS server
- returned a malformed response; the bug had appeared in 1.5.8.
-
- *) Bugfix: in the ngx_http_spdy_module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: the $uri variable might contain garbage when returning errors
- with code 400.
- Thanks to Sergey Bobrov.
-
- *) Bugfix: in error handling in the "proxy_store" directive and the
- ngx_http_dav_module.
- Thanks to Feng Gu.
-
- *) Bugfix: a segmentation fault might occur if logging of errors to
- syslog was used; the bug had appeared in 1.7.1.
-
- *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
- $geoip_area_code variables might not work.
- Thanks to Yichun Zhang.
-
- *) Bugfix: in memory allocation error handling.
- Thanks to Tatsuhiko Kubo and Piotr Sikora.
-
-
-Changes with nginx 1.7.3 08 Jul 2014
-
- *) Feature: weak entity tags are now preserved on response
- modifications, and strong ones are changed to weak.
-
- *) Feature: cache revalidation now uses If-None-Match header if
- possible.
-
- *) Feature: the "ssl_password_file" directive.
-
- *) Bugfix: the If-None-Match request header line was ignored if there
- was no Last-Modified header in a response returned from cache.
-
- *) Bugfix: "peer closed connection in SSL handshake" messages were
- logged at "info" level instead of "error" while connecting to
- backends.
-
- *) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
-
- *) Bugfix: SPDY connections might be closed prematurely if caching was
- used.
-
-
-Changes with nginx 1.7.2 17 Jun 2014
-
- *) Feature: the "hash" directive inside the "upstream" block.
-
- *) Feature: defragmentation of free shared memory blocks.
- Thanks to Wandenberg Peixoto and Yichun Zhang.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- default value of the "access_log" directive was used; the bug had
- appeared in 1.7.0.
- Thanks to Piotr Sikora.
-
- *) Bugfix: trailing slash was mistakenly removed from the last parameter
- of the "try_files" directive.
-
- *) Bugfix: nginx could not be built on OS X in some cases.
-
- *) Bugfix: in the ngx_http_spdy_module.
-
-
-Changes with nginx 1.7.1 27 May 2014
-
- *) Feature: the "$upstream_cookie_..." variables.
-
- *) Feature: the $ssl_client_fingerprint variable.
-
- *) Feature: the "error_log" and "access_log" directives now support
- logging to syslog.
-
- *) Feature: the mail proxy now logs client port on connect.
-
- *) Bugfix: memory leak if the "ssl_stapling" directive was used.
- Thanks to Filipe da Silva.
-
- *) Bugfix: the "alias" directive used inside a location given by a
- regular expression worked incorrectly if the "if" or "limit_except"
- directives were used.
-
- *) Bugfix: the "charset" directive did not set a charset to encoded
- backend responses.
-
- *) Bugfix: a "proxy_pass" directive without URI part might use original
- request after the $args variable was set.
- Thanks to Yichun Zhang.
-
- *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
- had appeared in 1.5.6.
- Thanks to Svyatoslav Nikolsky.
-
- *) Bugfix: if sub_filter and SSI were used together, then responses
- might be transferred incorrectly.
-
- *) Bugfix: nginx could not be built with the --with-file-aio option on
- Linux/aarch64.
-
-
-Changes with nginx 1.7.0 24 Apr 2014
-
- *) Feature: backend SSL certificate verification.
-
- *) Feature: support for SNI while working with SSL backends.
-
- *) Feature: the $ssl_server_name variable.
-
- *) Feature: the "if" parameter of the "access_log" directive.
-
-
-Changes with nginx 1.5.13 08 Apr 2014
-
- *) Change: improved hash table handling; the default values of the
- "variables_hash_max_size" and "types_hash_bucket_size" were changed
- to 1024 and 64 respectively.
-
- *) Feature: the ngx_http_mp4_module now supports the "end" argument.
-
- *) Feature: byte ranges support in the ngx_http_mp4_module and while
- saving responses to cache.
-
- *) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged
- when using shared memory in the "ssl_session_cache" directive and in
- the ngx_http_limit_req_module.
-
- *) Bugfix: the "underscores_in_headers" directive did not allow
- underscore as a first character of a header.
- Thanks to Piotr Sikora.
-
- *) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
-
- *) Bugfix: nginx/Windows terminated abnormally if the
- "ssl_session_cache" directive was used with the "shared" parameter.
-
- *) Bugfix: in the ngx_http_spdy_module.
-
-
-Changes with nginx 1.5.12 18 Mar 2014
-
- *) Security: a heap memory buffer overflow might occur in a worker
- process while handling a specially crafted request by
- ngx_http_spdy_module, potentially resulting in arbitrary code
- execution (CVE-2014-0133).
- Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
- Manuel Sadosky, Buenos Aires, Argentina.
-
- *) Feature: the "proxy_protocol" parameters of the "listen" and
- "real_ip_header" directives, the $proxy_protocol_addr variable.
-
- *) Bugfix: in the "fastcgi_next_upstream" directive.
- Thanks to Lucas Molas.
-
-
-Changes with nginx 1.5.11 04 Mar 2014
-
- *) Security: memory corruption might occur in a worker process on 32-bit
- platforms while handling a specially crafted request by
- ngx_http_spdy_module, potentially resulting in arbitrary code
- execution (CVE-2014-0088); the bug had appeared in 1.5.10.
- Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
- Manuel Sadosky, Buenos Aires, Argentina.
-
- *) Feature: the $ssl_session_reused variable.
-
- *) Bugfix: the "client_max_body_size" directive might not work when
- reading a request body using chunked transfer encoding; the bug had
- appeared in 1.3.9.
- Thanks to Lucas Molas.
-
- *) Bugfix: a segmentation fault might occur in a worker process when
- proxying WebSocket connections.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- ngx_http_spdy_module was used on 32-bit platforms; the bug had
- appeared in 1.5.10.
-
- *) Bugfix: the $upstream_status variable might contain wrong data if the
- "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
- used.
- Thanks to Piotr Sikora.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- errors with code 400 were redirected to a named location using the
- "error_page" directive.
-
- *) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
-
-
-Changes with nginx 1.5.10 04 Feb 2014
-
- *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
- Thanks to Automattic and MaxCDN for sponsoring this work.
-
- *) Feature: the ngx_http_mp4_module now skips tracks too short for a
- seek requested.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- $ssl_session_id variable was used in logs; the bug had appeared in
- 1.5.9.
-
- *) Bugfix: the $date_local and $date_gmt variables used wrong format
- outside of the ngx_http_ssi_filter_module.
-
- *) Bugfix: client connections might be immediately closed if deferred
- accept was used; the bug had appeared in 1.3.15.
-
- *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
- during binary upgrade on Linux; the bug had appeared in 1.5.8.
- Thanks to Piotr Sikora.
-
-
-Changes with nginx 1.5.9 22 Jan 2014
-
- *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
-
- *) Feature: the "ssl_buffer_size" directive.
-
- *) Feature: the "limit_rate" directive can now be used to rate limit
- responses sent in SPDY connections.
-
- *) Feature: the "spdy_chunk_size" directive.
-
- *) Feature: the "ssl_session_tickets" directive.
- Thanks to Dirkjan Bussink.
-
- *) Bugfix: the $ssl_session_id variable contained full session
- serialized instead of just a session id.
- Thanks to Ivan Ristić.
-
- *) Bugfix: nginx incorrectly handled escaped "?" character in the
- "include" SSI command.
-
- *) Bugfix: the ngx_http_dav_module did not unescape destination URI of
- the COPY and MOVE methods.
-
- *) Bugfix: resolver did not understand domain names with a trailing dot.
- Thanks to Yichun Zhang.
-
- *) Bugfix: alerts "zero size buf in output" might appear in logs while
- proxying; the bug had appeared in 1.3.9.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- ngx_http_spdy_module was used.
-
- *) Bugfix: proxied WebSocket connections might hang right after
- handshake if the select, poll, or /dev/poll methods were used.
-
- *) Bugfix: the "xclient" directive of the mail proxy module incorrectly
- handled IPv6 client addresses.
-
-
-Changes with nginx 1.5.8 17 Dec 2013
-
- *) Feature: IPv6 support in resolver.
-
- *) Feature: the "listen" directive supports the "fastopen" parameter.
- Thanks to Mathew Rodley.
-
- *) Feature: SSL support in the ngx_http_uwsgi_module.
- Thanks to Roberto De Ioris.
-
- *) Feature: vim syntax highlighting scripts were added to contrib.
- Thanks to Evan Miller.
-
- *) Bugfix: a timeout might occur while reading client request body in an
- SSL connection using chunked transfer encoding.
-
- *) Bugfix: the "master_process" directive did not work correctly in
- nginx/Windows.
-
- *) Bugfix: the "setfib" parameter of the "listen" directive might not
- work.
-
- *) Bugfix: in the ngx_http_spdy_module.
-
-
-Changes with nginx 1.5.7 19 Nov 2013
-
- *) Security: a character following an unescaped space in a request line
- was handled incorrectly (CVE-2013-4547); the bug had appeared in
- 0.8.41.
- Thanks to Ivan Fratric of the Google Security Team.
-
- *) Change: a logging level of auth_basic errors about no user/password
- provided has been lowered from "error" to "info".
-
- *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
- "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
-
- *) Feature: the "ssl_session_ticket_key" directive.
- Thanks to Piotr Sikora.
-
- *) Bugfix: the directive "add_header Cache-Control ''" added a
- "Cache-Control" response header line with an empty value.
-
- *) Bugfix: the "satisfy any" directive might return 403 error instead of
- 401 if auth_request and auth_basic directives were used.
- Thanks to Jan Marc Hoffmann.
-
- *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
- directive were ignored for listen sockets created during binary
- upgrade.
- Thanks to Piotr Sikora.
-
- *) Bugfix: some data received from a backend with unbufferred proxy
- might not be sent to a client immediately if "gzip" or "gunzip"
- directives were used.
- Thanks to Yichun Zhang.
-
- *) Bugfix: in error handling in ngx_http_gunzip_filter_module.
-
- *) Bugfix: responses might hang if the ngx_http_spdy_module was used
- with the "auth_request" directive.
-
- *) Bugfix: memory leak in nginx/Windows.
-
-
-Changes with nginx 1.5.6 01 Oct 2013
-
- *) Feature: the "fastcgi_buffering" directive.
-
- *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
- directives.
- Thanks to Piotr Sikora.
-
- *) Feature: optimization of SSL handshakes when using long certificate
- chains.
-
- *) Feature: the mail proxy supports SMTP pipelining.
-
- *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
- password encryption method.
- Thanks to Markus Linnala.
-
- *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
- be used to process a request if locations were given using characters
- in different cases.
-
- *) Bugfix: automatic redirect with appended trailing slash for proxied
- locations might not work.
-
- *) Bugfix: in the mail proxy server.
-
- *) Bugfix: in the ngx_http_spdy_module.
-
-
-Changes with nginx 1.5.5 17 Sep 2013
-
- *) Change: now nginx assumes HTTP/1.0 by default if it is not able to
- detect protocol reliably.
-
- *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
-
- *) Feature: now nginx uses EPOLLRDHUP events to detect premature
- connection close by clients if the "epoll" method is used.
-
- *) Bugfix: in the "valid_referers" directive if the "server_names"
- parameter was used.
-
- *) Bugfix: the $request_time variable did not work in nginx/Windows.
-
- *) Bugfix: in the "image_filter" directive.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: OpenSSL 1.0.1f compatibility.
- Thanks to Piotr Sikora.
-
-
-Changes with nginx 1.5.4 27 Aug 2013
-
- *) Change: the "js" extension MIME type has been changed to
- "application/javascript"; default value of the "charset_types"
- directive was changed accordingly.
-
- *) Change: now the "image_filter" directive with the "size" parameter
- returns responses with the "application/json" MIME type.
-
- *) Feature: the ngx_http_auth_request_module.
-
- *) Bugfix: a segmentation fault might occur on start or during
- reconfiguration if the "try_files" directive was used with an empty
- parameter.
-
- *) Bugfix: memory leak if relative paths were specified using variables
- in the "root" or "auth_basic_user_file" directives.
-
- *) Bugfix: the "valid_referers" directive incorrectly executed regular
- expressions if a "Referer" header started with "https://".
- Thanks to Liangbin Li.
-
- *) Bugfix: responses might hang if subrequests were used and an SSL
- handshake error happened during subrequest processing.
- Thanks to Aviram Cohen.
-
- *) Bugfix: in the ngx_http_autoindex_module.
-
- *) Bugfix: in the ngx_http_spdy_module.
-
-
-Changes with nginx 1.5.3 30 Jul 2013
-
- *) Change in internal API: now u->length defaults to -1 if working with
- backends in unbuffered mode.
-
- *) Change: now after receiving an incomplete response from a backend
- server nginx tries to send an available part of the response to a
- client, and then closes client connection.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- ngx_http_spdy_module was used with the "client_body_in_file_only"
- directive.
-
- *) Bugfix: the "so_keepalive" parameter of the "listen" directive might
- be handled incorrectly on DragonFlyBSD.
- Thanks to Sepherosa Ziehau.
-
- *) Bugfix: in the ngx_http_xslt_filter_module.
-
- *) Bugfix: in the ngx_http_sub_filter_module.
-
-
-Changes with nginx 1.5.2 02 Jul 2013
-
- *) Feature: now several "error_log" directives can be used.
-
- *) Bugfix: the $r->header_in() embedded perl method did not return value
- of the "Cookie" and "X-Forwarded-For" request header lines; the bug
- had appeared in 1.3.14.
-
- *) Bugfix: in the ngx_http_spdy_module.
- Thanks to Jim Radford.
-
- *) Bugfix: nginx could not be built on Linux with x32 ABI.
- Thanks to Serguei Ivantsov.
-
-
-Changes with nginx 1.5.1 04 Jun 2013
-
- *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
- "xslt_last_modified" directives.
- Thanks to Alexey Kolpakov.
-
- *) Feature: the "http_403" parameter of the "proxy_next_upstream",
- "fastcgi_next_upstream", "scgi_next_upstream", and
- "uwsgi_next_upstream" directives.
-
- *) Feature: the "allow" and "deny" directives now support unix domain
- sockets.
-
- *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
- without ngx_http_ssl_module; the bug had appeared in 1.3.14.
-
- *) Bugfix: in the "proxy_set_body" directive.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: in the "lingering_time" directive.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: the "fail_timeout" parameter of the "server" directive in the
- "upstream" context might not work if "max_fails" parameter was used;
- the bug had appeared in 1.3.0.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "ssl_stapling" directive was used.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the mail proxy server.
- Thanks to Filipe Da Silva.
-
- *) Bugfix: nginx/Windows might stop accepting connections if several
- worker processes were used.
-
-
-Changes with nginx 1.5.0 07 May 2013
-
- *) Security: a stack-based buffer overflow might occur in a worker
- process while handling a specially crafted request, potentially
- resulting in arbitrary code execution (CVE-2013-2028); the bug had
- appeared in 1.3.9.
- Thanks to Greg MacManus, iSIGHT Partners Labs.
-
-
-Changes with nginx 1.4.0 24 Apr 2013
-
- *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
- --with-openssl option was used; the bug had appeared in 1.3.16.
-
- *) Bugfix: in a request body handling in the ngx_http_perl_module; the
- bug had appeared in 1.3.9.
-
-
-Changes with nginx 1.3.16 16 Apr 2013
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- subrequests were used; the bug had appeared in 1.3.9.
-
- *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket
- connection was proxied into a unix domain socket.
-
- *) Bugfix: the $upstream_response_length variable has an incorrect value
- "0" if buffering was not used.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the eventport and /dev/poll methods.
-
-
-Changes with nginx 1.3.15 26 Mar 2013
-
- *) Change: opening and closing a connection without sending any data in
- it is no longer logged to access_log with error code 400.
-
- *) Feature: the ngx_http_spdy_module.
- Thanks to Automattic for sponsoring this work.
-
- *) Feature: the "limit_req_status" and "limit_conn_status" directives.
- Thanks to Nick Marden.
-
- *) Feature: the "image_filter_interlace" directive.
- Thanks to Ian Babrou.
-
- *) Feature: $connections_waiting variable in the
- ngx_http_stub_status_module.
-
- *) Feature: the mail proxy module now supports IPv6 backends.
-
- *) Bugfix: request body might be transmitted incorrectly when retrying a
- request to the next upstream server; the bug had appeared in 1.3.9.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the "client_body_in_file_only" directive; the bug had
- appeared in 1.3.9.
-
- *) Bugfix: responses might hang if subrequests were used and a DNS error
- happened during subrequest processing.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: in backend usage accounting.
-
-
-Changes with nginx 1.3.14 05 Mar 2013
-
- *) Feature: $connections_active, $connections_reading, and
- $connections_writing variables in the ngx_http_stub_status_module.
-
- *) Feature: support of WebSocket connections in the
- ngx_http_uwsgi_module and ngx_http_scgi_module.
-
- *) Bugfix: in virtual servers handling with SNI.
-
- *) Bugfix: new sessions were not always stored if the "ssl_session_cache
- shared" directive was used and there was no free space in shared
- memory.
- Thanks to Piotr Sikora.
-
- *) Bugfix: multiple X-Forwarded-For headers were handled incorrectly.
- Thanks to Neal Poole for sponsoring this work.
-
- *) Bugfix: in the ngx_http_mp4_module.
- Thanks to Gernot Vormayr.
-
-
-Changes with nginx 1.3.13 19 Feb 2013
-
- *) Change: a compiler with name "cc" is now used by default.
-
- *) Feature: support for proxying of WebSocket connections.
- Thanks to Apcera and CloudBees for sponsoring this work.
-
- *) Feature: the "auth_basic_user_file" directive supports "{SHA}"
- password encryption method.
- Thanks to Louis Opter.
-
-
-Changes with nginx 1.3.12 05 Feb 2013
-
- *) Feature: variables support in the "proxy_bind", "fastcgi_bind",
- "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
-
- *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local
- variables can now be used not only in the "log_format" directive.
- Thanks to Kiril Kalchev.
-
- *) Feature: IPv6 support in the ngx_http_geoip_module.
- Thanks to Gregor Kališnik.
-
- *) Bugfix: in the "proxy_method" directive.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- resolver was used with the poll method.
-
- *) Bugfix: nginx might hog CPU during SSL handshake with a backend if
- the select, poll, or /dev/poll methods were used.
-
- *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
-
- *) Bugfix: in the "client_body_in_file_only" directive; the bug had
- appeared in 1.3.9.
-
- *) Bugfix: in the "fastcgi_keep_conn" directive.
-
-
-Changes with nginx 1.3.11 10 Jan 2013
-
- *) Bugfix: a segmentation fault might occur if logging was used; the bug
- had appeared in 1.3.10.
-
- *) Bugfix: the "proxy_pass" directive did not work with IP addresses
- without port specified; the bug had appeared in 1.3.10.
-
- *) Bugfix: a segmentation fault occurred on start or during
- reconfiguration if the "keepalive" directive was specified more than
- once in a single upstream block.
-
- *) Bugfix: parameter "default" of the "geo" directive did not set
- default value for IPv6 addresses.
-
-
-Changes with nginx 1.3.10 25 Dec 2012
-
- *) Change: domain names specified in configuration file are now resolved
- to IPv6 addresses as well as IPv4 ones.
-
- *) Change: now if the "include" directive with mask is used on Unix
- systems, included files are sorted in alphabetical order.
-
- *) Change: the "add_header" directive adds headers to 201 responses.
-
- *) Feature: the "geo" directive now supports IPv6 addresses in CIDR
- notation.
-
- *) Feature: the "flush" and "gzip" parameters of the "access_log"
- directive.
-
- *) Feature: variables support in the "auth_basic" directive.
-
- *) Bugfix: nginx could not be built with the ngx_http_perl_module in
- some cases.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- ngx_http_xslt_module was used.
-
- *) Bugfix: nginx could not be built on MacOSX in some cases.
- Thanks to Piotr Sikora.
-
- *) Bugfix: the "limit_rate" directive with high rates might result in
- truncated responses on 32-bit platforms.
- Thanks to Alexey Antropov.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "if" directive was used.
- Thanks to Piotr Sikora.
-
- *) Bugfix: a "100 Continue" response was issued with "413 Request Entity
- Too Large" responses.
-
- *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and
- "image_filter_sharpen" directives might be inherited incorrectly.
- Thanks to Ian Babrou.
-
- *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic"
- directive was used on Linux.
-
- *) Bugfix: in backup servers handling.
- Thanks to Thomas Chen.
-
- *) Bugfix: proxied HEAD requests might return incorrect response if the
- "gzip" directive was used.
-
-
-Changes with nginx 1.3.9 27 Nov 2012
-
- *) Feature: support for chunked transfer encoding while reading client
- request body.
-
- *) Feature: the $request_time and $msec variables can now be used not
- only in the "log_format" directive.
-
- *) Bugfix: cache manager and cache loader processes might not be able to
- start if more than 512 listen sockets were used.
-
- *) Bugfix: in the ngx_http_dav_module.
-
-
-Changes with nginx 1.3.8 30 Oct 2012
-
- *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
- directive.
- Thanks to Mike Kazantsev and Eric O'Connor.
-
- *) Feature: the $bytes_sent, $connection, and $connection_requests
- variables can now be used not only in the "log_format" directive.
- Thanks to Benjamin Grössing.
-
- *) Feature: the "auto" parameter of the "worker_processes" directive.
-
- *) Bugfix: "cache file ... has md5 collision" alert.
-
- *) Bugfix: in the ngx_http_gunzip_filter_module.
-
- *) Bugfix: in the "ssl_stapling" directive.
-
-
-Changes with nginx 1.3.7 02 Oct 2012
-
- *) Feature: OCSP stapling support.
- Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work.
-
- *) Feature: the "ssl_trusted_certificate" directive.
-
- *) Feature: resolver now randomly rotates addresses returned from cache.
- Thanks to Anton Jouline.
-
- *) Bugfix: OpenSSL 0.9.7 compatibility.
-
-
-Changes with nginx 1.3.6 12 Sep 2012
-
- *) Feature: the ngx_http_gunzip_filter_module.
-
- *) Feature: the "memcached_gzip_flag" directive.
-
- *) Feature: the "always" parameter of the "gzip_static" directive.
-
- *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
- Thanks to Charles Chen.
-
- *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
- the --with-ipv6 option was used.
-
-
-Changes with nginx 1.3.5 21 Aug 2012
-
- *) Change: the ngx_http_mp4_module module no longer skips tracks in
- formats other than H.264 and AAC.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "map" directive was used with variables as values.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "geo" directive was used with the "ranges" parameter but without the
- "default" parameter; the bug had appeared in 0.8.43.
- Thanks to Zhen Chen and Weibin Yao.
-
- *) Bugfix: in the -p command-line parameter handling.
-
- *) Bugfix: in the mail proxy server.
-
- *) Bugfix: of minor potential bugs.
- Thanks to Coverity.
-
- *) Bugfix: nginx/Windows could not be built with Visual Studio 2005
- Express.
- Thanks to HAYASHI Kentaro.
-
-
-Changes with nginx 1.3.4 31 Jul 2012
-
- *) Change: the "ipv6only" parameter is now turned on by default for
- listening IPv6 sockets.
-
- *) Feature: the Clang compiler support.
-
- *) Bugfix: extra listening sockets might be created.
- Thanks to Roman Odaisky.
-
- *) Bugfix: nginx/Windows might hog CPU if a worker process failed to
- start.
- Thanks to Ricardo Villalobos Guevara.
-
- *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
- "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
- "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
- directives might be inherited incorrectly.
-
-
-Changes with nginx 1.3.3 10 Jul 2012
-
- *) Feature: entity tags support and the "etag" directive.
-
- *) Bugfix: trailing dot in a source value was not ignored if the "map"
- directive was used with the "hostnames" parameter.
-
- *) Bugfix: incorrect location might be used to process a request if a
- URI was changed via a "rewrite" directive before an internal redirect
- to a named location.
-
-
-Changes with nginx 1.3.2 26 Jun 2012
-
- *) Change: the "single" parameter of the "keepalive" directive is now
- ignored.
-
- *) Change: SSL compression is now disabled when using all versions of
- OpenSSL, including ones prior to 1.0.0.
-
- *) Feature: it is now possible to use the "ip_hash" directive to balance
- IPv6 clients.
-
- *) Feature: the $status variable can now be used not only in the
- "log_format" directive.
-
- *) Bugfix: a segmentation fault might occur in a worker process on
- shutdown if the "resolver" directive was used.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- ngx_http_mp4_module was used.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- conflicting wildcard server names were used.
-
- *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on
- ARM platform.
-
- *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX
- while reconfiguration.
-
-
-Changes with nginx 1.3.1 05 Jun 2012
-
- *) Security: now nginx/Windows ignores trailing dot in URI path
- component, and does not allow URIs with ":$" in it.
- Thanks to Vladimir Kochetkov, Positive Research Center.
-
- *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
- directives, and the "server" directive inside the "upstream" block,
- now support IPv6 addresses.
-
- *) Feature: the "resolver" directive now supports IPv6 addresses and an
- optional port specification.
-
- *) Feature: the "least_conn" directive inside the "upstream" block.
-
- *) Feature: it is now possible to specify a weight for servers while
- using the "ip_hash" directive.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "image_filter" directive was used; the bug had appeared in 1.3.0.
-
- *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
- had appeared in 1.1.12.
-
- *) Bugfix: access to variables from SSI and embedded perl module might
- not work after reconfiguration.
- Thanks to Yichun Zhang.
-
- *) Bugfix: in the ngx_http_xslt_filter_module.
- Thanks to Kuramoto Eiji.
-
- *) Bugfix: memory leak if $geoip_org variable was used.
- Thanks to Denis F. Latypoff.
-
- *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
- directives.
-
-
-Changes with nginx 1.3.0 15 May 2012
-
- *) Feature: the "debug_connection" directive now supports IPv6 addresses
- and the "unix:" parameter.
-
- *) Feature: the "set_real_ip_from" directive and the "proxy" parameter
- of the "geo" directive now support IPv6 addresses.
-
- *) Feature: the "real_ip_recursive", "geoip_proxy", and
- "geoip_proxy_recursive" directives.
-
- *) Feature: the "proxy_recursive" parameter of the "geo" directive.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "resolver" directive was used.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and
- backend returned incorrect response.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "rewrite" directive was used and new request arguments in a
- replacement used variables.
-
- *) Bugfix: nginx might hog CPU if the open file resource limit was
- reached.
-
- *) Bugfix: nginx might loop infinitely over backends if the
- "proxy_next_upstream" directive with the "http_404" parameter was
- used and there were backup servers specified in an upstream block.
-
- *) Bugfix: adding the "down" parameter of the "server" directive might
- cause unneeded client redistribution among backend servers if the
- "ip_hash" directive was used.
-
- *) Bugfix: socket leak.
- Thanks to Yichun Zhang.
-
- *) Bugfix: in the ngx_http_fastcgi_module.
-
-
-Changes with nginx 1.2.0 23 Apr 2012
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "try_files" directive was used; the bug had appeared in 1.1.19.
-
- *) Bugfix: response might be truncated if there were more than IOV_MAX
- buffers used.
-
- *) Bugfix: in the "crop" parameter of the "image_filter" directive.
- Thanks to Maxim Bublis.
-
-
-Changes with nginx 1.1.19 12 Apr 2012
-
- *) Security: specially crafted mp4 file might allow to overwrite memory
- locations in a worker process if the ngx_http_mp4_module was used,
- potentially resulting in arbitrary code execution (CVE-2012-2089).
- Thanks to Matthew Daley.
-
- *) Bugfix: nginx/Windows might be terminated abnormally.
- Thanks to Vincent Lee.
-
- *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
- "backup".
-
- *) Bugfix: the "allow" and "deny" directives might be inherited
- incorrectly if they were used with IPv6 addresses.
-
- *) Bugfix: the "modern_browser" and "ancient_browser" directives might
- be inherited incorrectly.
-
- *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
-
-Changes with nginx 1.1.18 28 Mar 2012
-
- *) Change: keepalive connections are no longer disabled for Safari by
- default.
-
- *) Feature: the $connection_requests variable.
-
- *) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and
- $tcpinfo_rcv_space variables.
-
- *) Feature: the "worker_cpu_affinity" directive now works on FreeBSD.
-
- *) Feature: the "xslt_param" and "xslt_string_param" directives.
- Thanks to Samuel Behan.
-
- *) Bugfix: in configure tests.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the ngx_http_xslt_filter_module.
-
- *) Bugfix: nginx could not be built on Debian GNU/Hurd.
-
-
-Changes with nginx 1.1.17 15 Mar 2012
-
- *) Security: content of previously freed memory might be sent to a
- client if backend returned specially crafted response.
- Thanks to Matthew Daley.
-
- *) Bugfix: in the embedded perl module if used from SSI.
- Thanks to Matthew Daley.
-
- *) Bugfix: in the ngx_http_uwsgi_module.
-
-
-Changes with nginx 1.1.16 29 Feb 2012
-
- *) Change: the simultaneous subrequest limit has been raised to 200.
-
- *) Feature: the "from" parameter of the "disable_symlinks" directive.
-
- *) Feature: the "return" and "error_page" directives can now be used to
- return 307 redirections.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "resolver" directive was used and there was no "error_log" directive
- specified at global level.
- Thanks to Roman Arutyunyan.
-
- *) Bugfix: a segmentation fault might occur in a worker process if the
- "proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were
- used.
-
- *) Bugfix: memory leaks.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: in the "disable_symlinks" directive.
-
- *) Bugfix: on ZFS filesystem disk cache size might be calculated
- incorrectly; the bug had appeared in 1.0.1.
-
- *) Bugfix: nginx could not be built by the icc 12.1 compiler.
-
- *) Bugfix: nginx could not be built by gcc on Solaris; the bug had
- appeared in 1.1.15.
-
-
-Changes with nginx 1.1.15 15 Feb 2012
-
- *) Feature: the "disable_symlinks" directive.
-
- *) Feature: the "proxy_cookie_domain" and "proxy_cookie_path"
- directives.
-
- *) Bugfix: nginx might log incorrect error "upstream prematurely closed
- connection" instead of correct "upstream sent too big header" one.
- Thanks to Feibo Li.
-
- *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
- --with-openssl option was used.
-
- *) Bugfix: the number of internal redirects to named locations was not
- limited.
-
- *) Bugfix: calling $r->flush() multiple times might cause errors in the
- ngx_http_gzip_filter_module.
-
- *) Bugfix: temporary files might be not removed if the "proxy_store"
- directive was used with SSI includes.
-
- *) Bugfix: in some cases non-cacheable variables (such as the $args
- variable) returned old empty cached value.
-
- *) Bugfix: a segmentation fault might occur in a worker process if too
- many SSI subrequests were issued simultaneously; the bug had appeared
- in 0.7.25.
-
-
-Changes with nginx 1.1.14 30 Jan 2012
-
- *) Feature: multiple "limit_req" limits may be used simultaneously.
-
- *) Bugfix: in error handling while connecting to a backend.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in AIO error handling on FreeBSD.
-
- *) Bugfix: in the OpenSSL library initialization.
-
- *) Bugfix: the "proxy_redirect" directives might be inherited
- incorrectly.
-
- *) Bugfix: memory leak during reconfiguration if the "pcre_jit"
- directive was used.
-
-
-Changes with nginx 1.1.13 16 Jan 2012
-
- *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
- "ssl_protocols" directive.
-
- *) Bugfix: the "limit_req" directive parameters were not inherited
- correctly; the bug had appeared in 1.1.12.
-
- *) Bugfix: the "proxy_redirect" directive incorrectly processed
- "Refresh" header if regular expression were used.
-
- *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
- did not return answer from cache if there were no live upstreams.
-
- *) Bugfix: the "worker_cpu_affinity" directive might not work.
-
- *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
- 1.1.12.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
-
-Changes with nginx 1.1.12 26 Dec 2011
-
- *) Change: a "proxy_pass" directive without URI part now uses changed
- URI after redirection with the "error_page" directive.
- Thanks to Lanshun Zhou.
-
- *) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock",
- "proxy/fastcgi/scgi/uwsgi_cache_lock_timeout" directives.
-
- *) Feature: the "pcre_jit" directive.
-
- *) Feature: the "if" SSI command supports captures in regular
- expressions.
-
- *) Bugfix: the "if" SSI command did not work inside the "block" command.
-
- *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
- directives might not work.
-
- *) Bugfix: the "limit_rate" directive did not allow to use full
- throughput, even if limit value was very high.
-
- *) Bugfix: the "sendfile_max_chunk" directive did not work, if the
- "limit_rate" directive was used.
-
- *) Bugfix: a "proxy_pass" directive without URI part always used
- original request URI if variables were used.
-
- *) Bugfix: a "proxy_pass" directive without URI part might use original
- request after redirection with the "try_files" directive.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: in the ngx_http_scgi_module.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
- *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
- 1.1.9.
-
-
-Changes with nginx 1.1.11 12 Dec 2011
-
- *) Feature: the "so_keepalive" parameter of the "listen" directive.
- Thanks to Vsevolod Stakhov.
-
- *) Feature: the "if_not_empty" parameter of the
- "fastcgi/scgi/uwsgi_param" directives.
-
- *) Feature: the $https variable.
-
- *) Feature: the "proxy_redirect" directive supports variables in the
- first parameter.
-
- *) Feature: the "proxy_redirect" directive supports regular expressions.
-
- *) Bugfix: the $sent_http_cache_control variable might contain a wrong
- value if the "expires" directive was used.
- Thanks to Yichun Zhang.
-
- *) Bugfix: the "read_ahead" directive might not work combined with
- "try_files" and "open_file_cache".
-
- *) Bugfix: a segmentation fault might occur in a worker process if small
- time was used in the "inactive" parameter of the "proxy_cache_path"
- directive.
-
- *) Bugfix: responses from cache might hang.
-
-
-Changes with nginx 1.1.10 30 Nov 2011
-
- *) Bugfix: a segmentation fault occurred in a worker process if AIO was
- used on Linux; the bug had appeared in 1.1.9.
-
-
-Changes with nginx 1.1.9 28 Nov 2011
-
- *) Change: now double quotes are encoded in an "echo" SSI-command
- output.
- Thanks to Zaur Abasmirzoev.
-
- *) Feature: the "valid" parameter of the "resolver" directive. By
- default TTL returned by a DNS server is used.
- Thanks to Kirill A. Korinskiy.
-
- *) Bugfix: nginx might hang after a worker process abnormal termination.
-
- *) Bugfix: a segmentation fault might occur in a worker process if SNI
- was used; the bug had appeared in 1.1.2.
-
- *) Bugfix: in the "keepalive_disable" directive; the bug had appeared in
- 1.1.8.
- Thanks to Alexander Usov.
-
- *) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
- bug had appeared in 1.1.1.
-
- *) Bugfix: backend responses with length not matching "Content-Length"
- header line are no longer cached.
-
- *) Bugfix: in the "scgi_param" directive, if complex parameters were
- used.
-
- *) Bugfix: in the "epoll" event method.
- Thanks to Yichun Zhang.
-
- *) Bugfix: in the ngx_http_flv_module.
- Thanks to Piotr Sikora.
-
- *) Bugfix: in the ngx_http_mp4_module.
-
- *) Bugfix: IPv6 addresses are now handled properly in a request line and
- in a "Host" request header line.
-
- *) Bugfix: "add_header" and "expires" directives did not work if a
- request was proxied and response status code was 206.
-
- *) Bugfix: nginx could not be built on FreeBSD 10.
-
- *) Bugfix: nginx could not be built on AIX.
-
-
-Changes with nginx 1.1.8 14 Nov 2011
-
- *) Change: the ngx_http_limit_zone_module was renamed to the
- ngx_http_limit_conn_module.
-
- *) Change: the "limit_zone" directive was superseded by the
- "limit_conn_zone" directive with a new syntax.
-
- *) Feature: support for multiple "limit_conn" limits on the same level.
-
- *) Feature: the "image_filter_sharpen" directive.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- resolver got a big DNS response.
- Thanks to Ben Hawkes.
-
- *) Bugfix: in cache key calculation if internal MD5 implementation was
- used; the bug had appeared in 1.0.4.
-
- *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
- header lines might be passed to backend while caching; or not passed
- without caching if caching was enabled in another part of the
- configuration.
-
- *) Bugfix: the module ngx_http_mp4_module sent incorrect
- "Content-Length" response header line if the "start" argument was
- used.
- Thanks to Piotr Sikora.
-
-
-Changes with nginx 1.1.7 31 Oct 2011
-
- *) Feature: support of several DNS servers in the "resolver" directive.
- Thanks to Kirill A. Korinskiy.
-
- *) Bugfix: a segmentation fault occurred on start or during
- reconfiguration if the "ssl" directive was used at http level and
- there was no "ssl_certificate" defined.
-
- *) Bugfix: reduced memory consumption while proxying big files if they
- were buffered to disk.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- "proxy_http_version 1.1" directive was used.
-
- *) Bugfix: in the "expires @time" directive.
-
-
-Changes with nginx 1.1.6 17 Oct 2011
-
- *) Change in internal API: now module context data are cleared while
- internal redirect to named location.
- Requested by Yichun Zhang.
-
- *) Change: if a server in an upstream failed, only one request will be
- sent to it after fail_timeout; the server will be considered alive if
- it will successfully respond to the request.
-
- *) Change: now the 0x7F-0xFF characters are escaped as \xXX in an
- access_log.
-
- *) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support
- the following additional values: X-Accel-Limit-Rate,
- X-Accel-Buffering, X-Accel-Charset.
-
- *) Feature: decrease of memory consumption if SSL is used.
-
- *) Bugfix: some UTF-8 characters were processed incorrectly.
- Thanks to Alexey Kuts.
-
- *) Bugfix: the ngx_http_rewrite_module directives specified at "server"
- level were executed twice if no matching locations were defined.
-
- *) Bugfix: a socket leak might occurred if "aio sendfile" was used.
-
- *) Bugfix: connections with fast clients might be closed after
- send_timeout if file AIO was used.
-
- *) Bugfix: in the ngx_http_autoindex_module.
-
- *) Bugfix: the module ngx_http_mp4_module did not support seeking on
- 32-bit platforms.
-
-
-Changes with nginx 1.1.5 05 Oct 2011
-
- *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
- Thanks to Peter Smit.
-
- *) Bugfix: non-cacheable responses might be cached if
- "proxy_cache_bypass" directive was used.
- Thanks to John Ferlito.
-
- *) Bugfix: in HTTP/1.1 support in the ngx_http_proxy_module.
-
- *) Bugfix: cached responses with an empty body were returned
- incorrectly; the bug had appeared in 0.8.31.
-
- *) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the
- bug had appeared in 0.8.32.
-
- *) Bugfix: in the "return" directive.
-
- *) Bugfix: the "ssl_session_cache builtin" directive caused segmentation
- fault; the bug had appeared in 1.1.1.
-
-
-Changes with nginx 1.1.4 20 Sep 2011
-
- *) Feature: the ngx_http_upstream_keepalive module.
-
- *) Feature: the "proxy_http_version" directive.
-
- *) Feature: the "fastcgi_keep_conn" directive.
-
- *) Feature: the "worker_aio_requests" directive.
-
- *) Bugfix: if nginx was built --with-file-aio it could not be run on
- Linux kernel which did not support AIO.
-
- *) Bugfix: in Linux AIO error processing.
- Thanks to Hagai Avrahami.
-
- *) Bugfix: reduced memory consumption for long-lived requests.
-
- *) Bugfix: the module ngx_http_mp4_module did not support 64-bit MP4
- "co64" atom.
-
-
-Changes with nginx 1.1.3 14 Sep 2011
-
- *) Feature: the module ngx_http_mp4_module.
-
- *) Bugfix: in Linux AIO combined with open_file_cache.
-
- *) Bugfix: open_file_cache did not update file info on retest if file
- was not atomically changed.
-
- *) Bugfix: nginx could not be built on MacOSX 10.7.
-
-
-Changes with nginx 1.1.2 05 Sep 2011
-
- *) Change: now if total size of all ranges is greater than source
- response size, then nginx disables ranges and returns just the source
- response.
-
- *) Feature: the "max_ranges" directive.
-
- *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
- "ssl_prefer_server_ciphers" directives might work incorrectly if SNI
- was used.
-
- *) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort"
- directives.
-
-
-Changes with nginx 1.1.1 22 Aug 2011
-
- *) Change: now cache loader processes either as many files as specified
- by "loader_files" parameter or works no longer than time specified by
- the "loader_threshold" parameter during each iteration.
-
- *) Change: now SIGWINCH signal works only in daemon mode.
-
- *) Feature: now shared zones and caches use POSIX semaphores on Solaris.
- Thanks to Den Ivanov.
-
- *) Feature: accept filters are now supported on NetBSD.
-
- *) Bugfix: nginx could not be built on Linux 3.0.
-
- *) Bugfix: nginx did not use gzipping in some cases; the bug had
- appeared in 1.1.0.
-
- *) Bugfix: request body might be processed incorrectly if client used
- pipelining.
-
- *) Bugfix: in the "request_body_in_single_buf" directive.
-
- *) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives
- if SSL connection to backend was used.
-
- *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
- "down".
-
- *) Bugfix: a segmentation fault might occur during reconfiguration if
- ssl_session_cache was defined but not used in previous configuration.
-
- *) Bugfix: a segmentation fault might occur in a worker process if many
- backup servers were used in an upstream.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- "fastcgi/scgi/uwsgi_param" directives were used with values starting
- with "HTTP_"; the bug had appeared in 0.8.40.
-
-
-Changes with nginx 1.1.0 01 Aug 2011
-
- *) Feature: cache loader run time decrease.
-
- *) Feature: "loader_files", "loader_sleep", and "loader_threshold"
- options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives.
-
- *) Feature: loading time decrease of configuration with large number of
- HTTPS sites.
-
- *) Feature: now nginx supports ECDHE key exchange ciphers.
- Thanks to Adrian Kotelba.
-
- *) Feature: the "lingering_close" directive.
- Thanks to Maxim Dounin.
-
- *) Bugfix: in closing connection for pipelined requests.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
- "Accept-Encoding" request header line.
-
- *) Bugfix: in timeout in unbuffered proxied mode.
- Thanks to Maxim Dounin.
-
- *) Bugfix: memory leaks when a "proxy_pass" directive contains variables
- and proxies to an HTTPS backend.
- Thanks to Maxim Dounin.
-
- *) Bugfix: in parameter validation of a "proxy_pass" directive with
- variables.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: SSL did not work on QNX.
- Thanks to Maxim Dounin.
-
- *) Bugfix: SSL modules could not be built by gcc 4.6 without
- --with-debug option.
-
-
-Changes with nginx 1.0.5 19 Jul 2011
-
- *) Change: now default SSL ciphers are "HIGH:!aNULL:!MD5".
- Thanks to Rob Stradling.
-
- *) Feature: the "referer_hash_max_size" and "referer_hash_bucket_size"
- directives.
- Thanks to Witold Filipczyk.
-
- *) Feature: $uid_reset variable.
-
- *) Bugfix: a segmentation fault might occur in a worker process, if a
- caching was used.
- Thanks to Lanshun Zhou.
-
- *) Bugfix: worker processes may got caught in an endless loop during
- reconfiguration, if a caching was used; the bug had appeared in
- 0.8.48.
- Thanks to Maxim Dounin.
-
- *) Bugfix: "stalled cache updating" alert.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 1.0.4 01 Jun 2011
-
- *) Change: now regular expressions case sensitivity in the "map"
- directive is given by prefixes "~" or "~*".
-
- *) Feature: now shared zones and caches use POSIX semaphores on Linux.
- Thanks to Denis F. Latypoff.
-
- *) Bugfix: "stalled cache updating" alert.
-
- *) Bugfix: nginx could not be built --without-http_auth_basic_module;
- the bug had appeared in 1.0.3.
-
-
-Changes with nginx 1.0.3 25 May 2011
-
- *) Feature: the "auth_basic_user_file" directive supports "$apr1",
- "{PLAIN}", and "{SSHA}" password encryption methods.
- Thanks to Maxim Dounin.
-
- *) Feature: the "geoip_org" directive and $geoip_org variable.
- Thanks to Alexander Uskov, Arnaud Granal, and Denis F. Latypoff.
-
- *) Feature: ngx_http_geo_module and ngx_http_geoip_module support IPv4
- addresses mapped to IPv6 addresses.
-
- *) Bugfix: a segmentation fault occurred in a worker process during
- testing IPv4 address mapped to IPv6 address, if access or deny rules
- were defined only for IPv6; the bug had appeared in 0.8.22.
-
- *) Bugfix: a cached response may be broken if "proxy/fastcgi/scgi/
- uwsgi_cache_bypass" and "proxy/fastcgi/scgi/uwsgi_no_cache" directive
- values were different; the bug had appeared in 0.8.46.
-
-
-Changes with nginx 1.0.2 10 May 2011
-
- *) Feature: now shared zones and caches use POSIX semaphores.
-
- *) Bugfix: in the "rotate" parameter of the "image_filter" directive.
- Thanks to Adam Bocim.
-
- *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
- 1.0.1.
-
-
-Changes with nginx 1.0.1 03 May 2011
-
- *) Change: now the "split_clients" directive uses MurmurHash2 algorithm
- because of better distribution.
- Thanks to Oleg Mamontov.
-
- *) Change: now long strings starting with zero are not considered as
- false values.
- Thanks to Maxim Dounin.
-
- *) Change: now nginx uses a default listen backlog value 511 on Linux.
-
- *) Feature: the $upstream_... variables may be used in the SSI and perl
- modules.
-
- *) Bugfix: now nginx limits better disk cache size.
- Thanks to Oleg Mamontov.
-
- *) Bugfix: a segmentation fault might occur while parsing incorrect IPv4
- address; the bug had appeared in 0.9.3.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx could not be built by gcc 4.6 without --with-debug
- option.
-
- *) Bugfix: nginx could not be built on Solaris 9 and earlier; the bug
- had appeared in 0.9.3.
- Thanks to Dagobert Michelsen.
-
- *) Bugfix: $request_time variable had invalid values if subrequests were
- used; the bug had appeared in 0.8.47.
- Thanks to Igor A. Valcov.
-
-
-Changes with nginx 1.0.0 12 Apr 2011
-
- *) Bugfix: a cache manager might hog CPU after reload.
- Thanks to Maxim Dounin.
-
- *) Bugfix: an "image_filter crop" directive worked incorrectly coupled
- with an "image_filter rotate 180" directive.
-
- *) Bugfix: a "satisfy any" directive disabled custom 401 error page.
-
-
-Changes with nginx 0.9.7 04 Apr 2011
-
- *) Feature: now keepalive connections may be closed premature, if there
- are no free worker connections.
- Thanks to Maxim Dounin.
-
- *) Feature: the "rotate" parameter of the "image_filter" directive.
- Thanks to Adam Bocim.
-
- *) Bugfix: a case when a backend in "fastcgi_pass", "scgi_pass", or
- "uwsgi_pass" directives is given by expression and refers to a
- defined upstream.
-
-
-Changes with nginx 0.9.6 21 Mar 2011
-
- *) Feature: the "map" directive supports regular expressions as value of
- the first parameter.
-
- *) Feature: $time_iso8601 access_log variable.
- Thanks to Michael Lustfield.
-
-
-Changes with nginx 0.9.5 21 Feb 2011
-
- *) Change: now nginx uses a default listen backlog value -1 on Linux.
- Thanks to Andrei Nigmatulin.
-
- *) Feature: the "utf8" parameter of "geoip_country" and "geoip_city"
- directives.
- Thanks to Denis F. Latypoff.
-
- *) Bugfix: in a default "proxy_redirect" directive if "proxy_pass"
- directive has no URI part.
- Thanks to Maxim Dounin.
-
- *) Bugfix: an "error_page" directive did not work with nonstandard error
- codes; the bug had appeared in 0.8.53.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.9.4 21 Jan 2011
-
- *) Feature: the "server_name" directive supports the $hostname variable.
-
- *) Feature: 494 code for "Request Header Too Large" error.
-
-
-Changes with nginx 0.9.3 13 Dec 2010
-
- *) Bugfix: if there was a single server for given IPv6 address:port
- pair, then captures in regular expressions in a "server_name"
- directive did not work.
-
- *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
- 0.9.0.
-
-
-Changes with nginx 0.9.2 06 Dec 2010
-
- *) Feature: the "If-Unmodified-Since" client request header line
- support.
-
- *) Workaround: fallback to accept() syscall if accept4() was not
- implemented; the issue had appeared in 0.9.0.
-
- *) Bugfix: nginx could not be built on Cygwin; the bug had appeared in
- 0.9.0.
-
- *) Bugfix: for OpenSSL vulnerability CVE-2010-4180.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.9.1 30 Nov 2010
-
- *) Bugfix: "return CODE message" directives did not work; the bug had
- appeared in 0.9.0.
-
-
-Changes with nginx 0.9.0 29 Nov 2010
-
- *) Feature: the "keepalive_disable" directive.
-
- *) Feature: the "map" directive supports variables as value of a defined
- variable.
-
- *) Feature: the "map" directive supports empty strings as value of the
- first parameter.
-
- *) Feature: the "map" directive supports expressions as the first
- parameter.
-
- *) Feature: nginx(8) manual page.
- Thanks to Sergey Osokin.
-
- *) Feature: Linux accept4() support.
- Thanks to Simon Liu.
-
- *) Workaround: elimination of Linux linker warning about "sys_errlist"
- and "sys_nerr"; the warning had appeared in 0.8.35.
-
- *) Bugfix: a segmentation fault might occur in a worker process, if the
- "auth_basic" directive was used.
- Thanks to Michail Laletin.
-
- *) Bugfix: compatibility with ngx_http_eval_module; the bug had appeared
- in 0.8.42.
-
-
-Changes with nginx 0.8.53 18 Oct 2010
-
- *) Feature: now the "error_page" directive allows to change a status
- code in a redirect.
-
- *) Feature: the "gzip_disable" directive supports special "degradation"
- mask.
-
- *) Bugfix: a socket leak might occurred if file AIO was used.
- Thanks to Maxim Dounin.
-
- *) Bugfix: if the first server had no "listen" directive and there was
- no explicit default server, then a next server with a "listen"
- directive became the default server; the bug had appeared in 0.8.21.
-
-
-Changes with nginx 0.8.52 28 Sep 2010
-
- *) Bugfix: nginx used SSL mode for a listen socket if any listen option
- was set; the bug had appeared in 0.8.51.
-
-
-Changes with nginx 0.8.51 27 Sep 2010
-
- *) Change: the "secure_link_expires" directive has been canceled.
-
- *) Change: a logging level of resolver errors has been lowered from
- "alert" to "error".
-
- *) Feature: now a listen socket "ssl" parameter may be set several
- times.
-
-
-Changes with nginx 0.8.50 02 Sep 2010
-
- *) Feature: the "secure_link", "secure_link_md5", and
- "secure_link_expires" directives of the ngx_http_secure_link_module.
-
- *) Feature: the -q switch.
- Thanks to Gena Makhomed.
-
- *) Bugfix: worker processes may got caught in an endless loop during
- reconfiguration, if a caching was used; the bug had appeared in
- 0.8.48.
-
- *) Bugfix: in the "gzip_disable" directive.
- Thanks to Derrick Petzold.
-
- *) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload
- signals to a process run in other session.
-
-
-Changes with nginx 0.8.49 09 Aug 2010
-
- *) Feature: the "image_filter_jpeg_quality" directive supports
- variables.
-
- *) Bugfix: a segmentation fault might occur in a worker process, if the
- $geoip_region_name variables was used; the bug had appeared in
- 0.8.48.
-
- *) Bugfix: errors intercepted by error_page were cached only for next
- request; the bug had appeared in 0.8.48.
-
-
-Changes with nginx 0.8.48 03 Aug 2010
-
- *) Change: now the "server_name" directive default value is an empty
- name "".
- Thanks to Gena Makhomed.
-
- *) Change: now the "server_name_in_redirect" directive default value is
- "off".
-
- *) Feature: the $geoip_dma_code, $geoip_area_code, and
- $geoip_region_name variables.
- Thanks to Christine McGonagle.
-
- *) Bugfix: the "proxy_pass", "fastcgi_pass", "uwsgi_pass", and
- "scgi_pass" directives were not inherited inside "limit_except"
- blocks.
-
- *) Bugfix: the "proxy_cache_min_uses", "fastcgi_cache_min_uses"
- "uwsgi_cache_min_uses", and "scgi_cache_min_uses" directives did not
- work; the bug had appeared in 0.8.46.
-
- *) Bugfix: the "fastcgi_split_path_info" directive used incorrectly
- captures, if only parts of an URI were captured.
- Thanks to Yuriy Taraday and Frank Enderle.
-
- *) Bugfix: the "rewrite" directive did not escape a ";" character during
- copying from URI to query string.
- Thanks to Daisuke Murase.
-
- *) Bugfix: the ngx_http_image_filter_module closed a connection, if an
- image was larger than "image_filter_buffer" size.
-
-
-Changes with nginx 0.8.47 28 Jul 2010
-
- *) Bugfix: $request_time variable had invalid values for subrequests.
-
- *) Bugfix: errors intercepted by error_page could not be cached.
-
- *) Bugfix: a cache manager process may got caught in an endless loop, if
- max_size parameter was used; the bug had appeared in 0.8.46.
-
-
-Changes with nginx 0.8.46 19 Jul 2010
-
- *) Change: now the "proxy_no_cache", "fastcgi_no_cache",
- "uwsgi_no_cache", and "scgi_no_cache" directives affect on a cached
- response saving only.
-
- *) Feature: the "proxy_cache_bypass", "fastcgi_cache_bypass",
- "uwsgi_cache_bypass", and "scgi_cache_bypass" directives.
-
- *) Bugfix: nginx did not free memory in cache keys zones if there was an
- error during working with backend: the memory was freed only after
- inactivity time or on memory low condition.
-
-
-Changes with nginx 0.8.45 13 Jul 2010
-
- *) Feature: ngx_http_xslt_filter improvements.
- Thanks to Laurence Rowe.
-
- *) Bugfix: SSI response might be truncated after include with
- wait="yes"; the bug had appeared in 0.7.25.
- Thanks to Maxim Dounin.
-
- *) Bugfix: the "listen" directive did not support the "setfib=0"
- parameter.
-
-
-Changes with nginx 0.8.44 05 Jul 2010
-
- *) Change: now nginx does not cache by default backend responses, if
- they have a "Set-Cookie" header line.
-
- *) Feature: the "listen" directive supports the "setfib" parameter.
- Thanks to Andrew Filonov.
-
- *) Bugfix: the "sub_filter" directive might change character case on
- partial match.
-
- *) Bugfix: compatibility with HP/UX.
-
- *) Bugfix: compatibility with AIX xlC_r compiler.
-
- *) Bugfix: nginx treated large SSLv2 packets as plain requests.
- Thanks to Miroslaw Jaworski.
-
-
-Changes with nginx 0.8.43 30 Jun 2010
-
- *) Feature: large geo ranges base loading speed-up.
-
- *) Bugfix: an error_page redirection to "location /zero {return 204;}"
- without changing status code kept the error body; the bug had
- appeared in 0.8.42.
-
- *) Bugfix: nginx might close IPv6 listen socket during reconfiguration.
- Thanks to Maxim Dounin.
-
- *) Bugfix: the $uid_set variable may be used at any request processing
- stage.
-
-
-Changes with nginx 0.8.42 21 Jun 2010
-
- *) Change: now nginx tests locations given by regular expressions, if
- request was matched exactly by a location given by a prefix string.
- The previous behavior has been introduced in 0.7.1.
-
- *) Feature: the ngx_http_scgi_module.
- Thanks to Manlio Perillo.
-
- *) Feature: a text answer may be added to a "return" directive.
-
-
-Changes with nginx 0.8.41 15 Jun 2010
-
- *) Security: nginx/Windows worker might be terminated abnormally if a
- requested file name has invalid UTF-8 encoding.
-
- *) Change: now nginx allows to use spaces in a request line.
-
- *) Bugfix: the "proxy_redirect" directive changed incorrectly a backend
- "Refresh" response header line.
- Thanks to Andrey Andreew and Max Sogin.
-
- *) Bugfix: nginx did not support path without host name in "Destination"
- request header line.
-
-
-Changes with nginx 0.8.40 07 Jun 2010
-
- *) Security: now nginx/Windows ignores default file stream name.
- Thanks to Jose Antonio Vazquez Gonzalez.
-
- *) Feature: the ngx_http_uwsgi_module.
- Thanks to Roberto De Ioris.
-
- *) Feature: a "fastcgi_param" directive with value starting with "HTTP_"
- overrides a client request header line.
-
- *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
- header lines were passed to FastCGI-server while caching.
-
- *) Bugfix: listen unix domain socket could not be changed during
- reconfiguration.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.8.39 31 May 2010
-
- *) Bugfix: an inherited "alias" directive worked incorrectly in
- inclusive location.
-
- *) Bugfix: in "alias" with variables and "try_files" directives
- combination.
-
- *) Bugfix: listen unix domain and IPv6 sockets did not inherit while
- online upgrade.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.8.38 24 May 2010
-
- *) Feature: the "proxy_no_cache" and "fastcgi_no_cache" directives.
-
- *) Feature: now the "rewrite" directive does a redirect automatically if
- the $scheme variable is used.
- Thanks to Piotr Sikora.
-
- *) Bugfix: now "limit_req" delay directive conforms to the described
- algorithm.
- Thanks to Maxim Dounin.
-
- *) Bugfix: the $uid_got variable might not be used in the SSI and perl
- modules.
-
-
-Changes with nginx 0.8.37 17 May 2010
-
- *) Feature: the ngx_http_split_clients_module.
-
- *) Feature: the "map" directive supports keys more than 255 characters.
-
- *) Bugfix: nginx ignored the "private" and "no-store" values in the
- "Cache-Control" backend response header line.
-
- *) Bugfix: a "stub" parameter of an "include" SSI directive was not
- used, if empty response has 200 status code.
-
- *) Bugfix: if a proxied or FastCGI request was internally redirected to
- another proxied or FastCGI location, then a segmentation fault might
- occur in a worker process; the bug had appeared in 0.8.33.
- Thanks to Yichun Zhang.
-
- *) Bugfix: IMAP connections may hang until they timed out while talking
- to Zimbra server.
- Thanks to Alan Batie.
-
-
-Changes with nginx 0.8.36 22 Apr 2010
-
- *) Bugfix: the ngx_http_dav_module handled incorrectly the DELETE, COPY,
- and MOVE methods for symlinks.
-
- *) Bugfix: values of the $query_string, $arg_..., etc. variables cached
- in main request were used by the SSI module in subrequests.
-
- *) Bugfix: a variable value was repeatedly encoded after each an "echo"
- SSI-command output; the bug had appeared in 0.6.14.
-
- *) Bugfix: a worker process hung if a FIFO file was requested.
- Thanks to Vicente Aguilar and Maxim Dounin.
-
- *) Bugfix: OpenSSL-1.0.0 compatibility on 64-bit Linux.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx could not be built --without-http-cache; the bug had
- appeared in 0.8.35.
-
-
-Changes with nginx 0.8.35 01 Apr 2010
-
- *) Change: now the charset filter runs before the SSI filter.
-
- *) Feature: the "chunked_transfer_encoding" directive.
-
- *) Bugfix: an "&" character was not escaped when it was copied in
- arguments part in a rewrite rule.
-
- *) Bugfix: nginx might be terminated abnormally while a signal
- processing or if the directive "timer_resolution" was used on
- platforms which do not support kqueue or eventport notification
- methods.
- Thanks to George Xie and Maxim Dounin.
-
- *) Bugfix: if temporary files and permanent storage area resided at
- different file systems, then permanent file modification times were
- incorrect.
- Thanks to Maxim Dounin.
-
- *) Bugfix: ngx_http_memcached_module might issue the error message
- "memcached sent invalid trailer".
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx could not built zlib-1.2.4 library using the library
- sources.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a segmentation fault occurred in a worker process, if there
- was large stderr output before FastCGI response; the bug had appeared
- in 0.8.34.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.8.34 03 Mar 2010
-
- *) Bugfix: nginx did not support all ciphers and digests used in client
- certificates.
- Thanks to Innocenty Enikeew.
-
- *) Bugfix: nginx cached incorrectly FastCGI responses if there was large
- stderr output before response.
-
- *) Bugfix: nginx did not support HTTPS referrers.
-
- *) Bugfix: nginx/Windows might not find file if path in configuration
- was given in other character case; the bug had appeared in 0.8.33.
-
- *) Bugfix: the $date_local variable has an incorrect value, if the "%s"
- format was used.
- Thanks to Maxim Dounin.
-
- *) Bugfix: if ssl_session_cache was not set or was set to "none", then
- during client certificate verify the error "session id context
- uninitialized" might occur; the bug had appeared in 0.7.1.
-
- *) Bugfix: a geo range returned default value if the range included two
- or more /16 networks and did not begin at /16 network boundary.
-
- *) Bugfix: a block used in a "stub" parameter of an "include" SSI
- directive was output with "text/plain" MIME type.
-
- *) Bugfix: $r->sleep() did not work; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.33 01 Feb 2010
-
- *) Security: now nginx/Windows ignores trailing spaces in URI.
- Thanks to Dan Crowley, Core Security Technologies.
-
- *) Security: now nginx/Windows ignores short files names.
- Thanks to Dan Crowley, Core Security Technologies.
-
- *) Change: now keepalive connections after POST requests are not
- disabled for MSIE 7.0+.
- Thanks to Adam Lounds.
-
- *) Workaround: now keepalive connections are disabled for Safari.
- Thanks to Joshua Sierles.
-
- *) Bugfix: if a proxied or FastCGI request was internally redirected to
- another proxied or FastCGI location, then $upstream_response_time
- variable may have abnormally large value; the bug had appeared in
- 0.8.7.
-
- *) Bugfix: a segmentation fault might occur in a worker process, while
- discarding a request body; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.32 11 Jan 2010
-
- *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
- Thanks to Maxim Dounin.
-
- *) Bugfix: regular expression named captures worked for two names only.
- Thanks to Maxim Dounin.
-
- *) Bugfix: now the "localhost" name is used in the "Host" request header
- line, if an unix domain socket is defined in the "auth_http"
- directive.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx did not support chunked transfer encoding for 201
- responses.
- Thanks to Julian Reich.
-
- *) Bugfix: if the "expires modified" set date in the past, then a
- negative number was set in the "Cache-Control" response header line.
- Thanks to Alex Kapranoff.
-
-
-Changes with nginx 0.8.31 23 Dec 2009
-
- *) Feature: now the "error_page" directive may redirect the 301 and 302
- responses.
-
- *) Feature: the $geoip_city_continent_code, $geoip_latitude, and
- $geoip_longitude variables.
- Thanks to Arvind Sundararajan.
-
- *) Feature: now the ngx_http_image_filter_module deletes always EXIF and
- other application specific data if the data consume more than 5% of a
- JPEG file.
-
- *) Bugfix: nginx closed a connection if a cached response had an empty
- body.
- Thanks to Piotr Sikora.
-
- *) Bugfix: nginx might not be built by gcc 4.x if the -O2 or higher
- optimization option was used.
- Thanks to Maxim Dounin and Denis F. Latypoff.
-
- *) Bugfix: regular expressions in location were always tested in
- case-sensitive mode; the bug had appeared in 0.8.25.
-
- *) Bugfix: nginx cached a 304 response if there was the "If-None-Match"
- header line in a proxied request.
- Thanks to Tim Dettrick and David Kostal.
-
- *) Bugfix: nginx/Windows tried to delete a temporary file twice if the
- file should replace an already existent file.
-
-
-Changes with nginx 0.8.30 15 Dec 2009
-
- *) Change: now the default buffer size of the
- "large_client_header_buffers" directive is 8K.
- Thanks to Andrew Cholakian.
-
- *) Feature: the conf/fastcgi.conf for simple FastCGI configurations.
-
- *) Bugfix: nginx/Windows tried to rename a temporary file twice if the
- file should replace an already existent file.
-
- *) Bugfix: of "double free or corruption" error issued if host could not
- be resolved; the bug had appeared in 0.8.22.
- Thanks to Konstantin Svist.
-
- *) Bugfix: in libatomic usage on some platforms.
- Thanks to W-Mark Kubacki.
-
-
-Changes with nginx 0.8.29 30 Nov 2009
-
- *) Change: now the "009" status code is written to an access log for
- proxied HTTP/0.9 responses.
-
- *) Feature: the "addition_types", "charset_types", "gzip_types",
- "ssi_types", "sub_filter_types", and "xslt_types" directives support
- an "*" parameter.
-
- *) Feature: GCC 4.1+ built-in atomic operations usage.
- Thanks to W-Mark Kubacki.
-
- *) Feature: the --with-libatomic[=DIR] option in the configure.
- Thanks to W-Mark Kubacki.
-
- *) Bugfix: listen unix domain socket had limited access rights.
-
- *) Bugfix: cached HTTP/0.9 responses were handled incorrectly.
-
- *) Bugfix: regular expression named captures given by "?P<...>" did not
- work in a "server_name" directive.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.8.28 23 Nov 2009
-
- *) Bugfix: nginx could not be built with the --without-pcre parameter;
- the bug had appeared in 0.8.25.
-
-
-Changes with nginx 0.8.27 17 Nov 2009
-
- *) Bugfix: regular expressions did not work in nginx/Windows; the bug
- had appeared in 0.8.25.
-
-
-Changes with nginx 0.8.26 16 Nov 2009
-
- *) Bugfix: in captures usage in "rewrite" directive; the bug had
- appeared in 0.8.25.
-
- *) Bugfix: nginx could not be built without the --with-debug option; the
- bug had appeared in 0.8.25.
-
-
-Changes with nginx 0.8.25 16 Nov 2009
-
- *) Change: now no message is written in an error log if a variable is
- not found by $r->variable() method.
-
- *) Feature: the ngx_http_degradation_module.
-
- *) Feature: regular expression named captures.
-
- *) Feature: now URI part is not required a "proxy_pass" directive if
- variables are used.
-
- *) Feature: now the "msie_padding" directive works for Chrome too.
-
- *) Bugfix: a segmentation fault occurred in a worker process on low
- memory condition; the bug had appeared in 0.8.18.
-
- *) Bugfix: nginx sent gzipped responses to clients those do not support
- gzip, if "gzip_static on" and "gzip_vary off"; the bug had appeared
- in 0.8.16.
-
-
-Changes with nginx 0.8.24 11 Nov 2009
-
- *) Bugfix: nginx always added "Content-Encoding: gzip" response header
- line in 304 responses sent by ngx_http_gzip_static_module.
-
- *) Bugfix: nginx could not be built without the --with-debug option; the
- bug had appeared in 0.8.23.
-
- *) Bugfix: the "unix:" parameter of the "set_real_ip_from" directive
- inherited incorrectly from previous level.
-
- *) Bugfix: in resolving empty name.
-
-
-Changes with nginx 0.8.23 11 Nov 2009
-
- *) Security: now SSL/TLS renegotiation is disabled.
- Thanks to Maxim Dounin.
-
- *) Bugfix: listen unix domain socket did not inherit while online
- upgrade.
-
- *) Bugfix: the "unix:" parameter of the "set_real_ip_from" directive did
- not without yet another directive with any IP address.
-
- *) Bugfix: segmentation fault and infinite looping in resolver.
-
- *) Bugfix: in resolver.
- Thanks to Artem Bokhan.
-
-
-Changes with nginx 0.8.22 03 Nov 2009
-
- *) Feature: the "proxy_bind", "fastcgi_bind", and "memcached_bind"
- directives.
-
- *) Feature: the "access" and the "deny" directives support IPv6.
-
- *) Feature: the "set_real_ip_from" directive supports IPv6 addresses in
- request headers.
-
- *) Feature: the "unix:" parameter of the "set_real_ip_from" directive.
-
- *) Bugfix: nginx did not delete unix domain socket after configuration
- testing.
-
- *) Bugfix: nginx deleted unix domain socket while online upgrade.
-
- *) Bugfix: the "!-x" operator did not work.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a segmentation fault might occur in a worker process, if
- limit_rate was used in HTTPS server.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a segmentation fault might occur in a worker process while
- $limit_rate logging.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a segmentation fault might occur in a worker process, if
- there was no "listen" directive in "server" block; the bug had
- appeared in 0.8.21.
-
-
-Changes with nginx 0.8.21 26 Oct 2009
-
- *) Feature: now the "-V" switch shows TLS SNI support.
-
- *) Feature: the "listen" directive of the HTTP module supports unix
- domain sockets.
- Thanks to Hongli Lai.
-
- *) Feature: the "default_server" parameter of the "listen" directive.
-
- *) Feature: now a "default" parameter is not required to set listen
- socket options.
-
- *) Bugfix: nginx did not support dates in 2038 year on 32-bit platforms;
-
- *) Bugfix: socket leak; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.20 14 Oct 2009
-
- *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5".
-
- *) Bugfix: the ngx_http_autoindex_module did not show the trailing slash
- in links to a directory; the bug had appeared in 0.7.15.
-
- *) Bugfix: nginx did not close a log file set by the --error-log-path
- configuration option; the bug had appeared in 0.7.53.
-
- *) Bugfix: nginx did not treat a comma as separator in the
- "Cache-Control" backend response header line.
-
- *) Bugfix: nginx/Windows might not create temporary file, a cache file,
- or "proxy/fastcgi_store"d file if a worker had no enough access
- rights for top level directories.
-
- *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines were
- not hidden while caching if no "fastcgi_hide_header" directives were
- used with any parameters.
-
- *) Bugfix: nginx counted incorrectly disk cache size.
-
-
-Changes with nginx 0.8.19 06 Oct 2009
-
- *) Change: now SSLv2 protocol is disabled by default.
-
- *) Change: now default SSL ciphers are "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM".
-
- *) Bugfix: a "limit_req" directive did not work; the bug had appeared in
- 0.8.18.
-
-
-Changes with nginx 0.8.18 06 Oct 2009
-
- *) Feature: the "read_ahead" directive.
-
- *) Feature: now several "perl_modules" directives may be used.
-
- *) Feature: the "limit_req_log_level" and "limit_conn_log_level"
- directives.
-
- *) Bugfix: now "limit_req" directive conforms to the leaky bucket
- algorithm.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx did not work on Linux/sparc.
- Thanks to Marcus Ramberg.
-
- *) Bugfix: nginx sent '\0' in a "Location" response header line on MKCOL
- request.
- Thanks to Xie Zhenye.
-
- *) Bugfix: zero status code was logged instead of 499 status code; the
- bug had appeared in 0.8.11.
-
- *) Bugfix: socket leak; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.17 28 Sep 2009
-
- *) Security: now "/../" are disabled in "Destination" request header
- line.
-
- *) Change: now $host variable value is always low case.
-
- *) Feature: the $ssl_session_id variable.
-
- *) Bugfix: socket leak; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.16 22 Sep 2009
-
- *) Feature: the "image_filter_transparency" directive.
-
- *) Bugfix: "addition_types" directive was incorrectly named
- "addtion_types".
-
- *) Bugfix: resolver cache poisoning.
- Thanks to Matthew Dempsky.
-
- *) Bugfix: memory leak in resolver.
- Thanks to Matthew Dempsky.
-
- *) Bugfix: invalid request line in $request variable was written in
- access_log only if error_log was set to "info" or "debug" level.
-
- *) Bugfix: in PNG alpha-channel support in the
- ngx_http_image_filter_module.
-
- *) Bugfix: nginx always added "Vary: Accept-Encoding" response header
- line, if both "gzip_static" and "gzip_vary" were on.
-
- *) Bugfix: in UTF-8 encoding support by "try_files" directive in
- nginx/Windows.
-
- *) Bugfix: in "post_action" directive usage; the bug had appeared in
- 0.8.11.
- Thanks to Igor Artemiev.
-
-
-Changes with nginx 0.8.15 14 Sep 2009
-
- *) Security: a segmentation fault might occur in worker process while
- specially crafted request handling.
- Thanks to Chris Ries.
-
- *) Bugfix: if names .domain.tld, .sub.domain.tld, and .domain-some.tld
- were defined, then the name .sub.domain.tld was matched by
- .domain.tld.
-
- *) Bugfix: in transparency support in the ngx_http_image_filter_module.
-
- *) Bugfix: in file AIO.
-
- *) Bugfix: in X-Accel-Redirect usage; the bug had appeared in 0.8.11.
-
- *) Bugfix: in embedded perl module; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.14 07 Sep 2009
-
- *) Bugfix: an expired cached response might stick in the "UPDATING"
- state.
-
- *) Bugfix: a segmentation fault might occur in worker process, if
- error_log was set to info or debug level.
- Thanks to Sergey Bochenkov.
-
- *) Bugfix: in embedded perl module; the bug had appeared in 0.8.11.
-
- *) Bugfix: an "error_page" directive did not redirect a 413 error; the
- bug had appeared in 0.6.10.
-
-
-Changes with nginx 0.8.13 31 Aug 2009
-
- *) Bugfix: in the "aio sendfile" directive; the bug had appeared in
- 0.8.12.
-
- *) Bugfix: nginx could not be built without the --with-file-aio option
- on FreeBSD; the bug had appeared in 0.8.12.
-
-
-Changes with nginx 0.8.12 31 Aug 2009
-
- *) Feature: the "sendfile" parameter in the "aio" directive on FreeBSD.
-
- *) Bugfix: in try_files; the bug had appeared in 0.8.11.
-
- *) Bugfix: in memcached; the bug had appeared in 0.8.11.
-
-
-Changes with nginx 0.8.11 28 Aug 2009
-
- *) Change: now directive "gzip_disable msie6" does not disable gzipping
- for MSIE 6.0 SV1.
-
- *) Feature: file AIO support on FreeBSD and Linux.
-
- *) Feature: the "directio_alignment" directive.
-
-
-Changes with nginx 0.8.10 24 Aug 2009
-
- *) Bugfix: memory leaks if GeoIP City database was used.
-
- *) Bugfix: in copying temporary files to permanent storage area; the bug
- had appeared in 0.8.9.
-
-
-Changes with nginx 0.8.9 17 Aug 2009
-
- *) Feature: now the start cache loader runs in a separate process; this
- should improve large caches handling.
-
- *) Feature: now temporary files and permanent storage area may reside at
- different file systems.
-
-
-Changes with nginx 0.8.8 10 Aug 2009
-
- *) Bugfix: in handling FastCGI headers split in records.
-
- *) Bugfix: a segmentation fault occurred in worker process, if a request
- was handled in two proxied or FastCGIed locations and a caching was
- enabled in the first location; the bug had appeared in 0.8.7.
-
-
-Changes with nginx 0.8.7 27 Jul 2009
-
- *) Change: minimum supported OpenSSL version is 0.9.7.
-
- *) Change: the "ask" parameter of the "ssl_verify_client" directive was
- changed to the "optional" parameter and now it checks a client
- certificate if it was offered.
- Thanks to Brice Figureau.
-
- *) Feature: the $ssl_client_verify variable.
- Thanks to Brice Figureau.
-
- *) Feature: the "ssl_crl" directive.
- Thanks to Brice Figureau.
-
- *) Feature: the "proxy" parameter of the "geo" directive.
-
- *) Feature: the "image_filter" directive supports variables for setting
- size.
-
- *) Bugfix: the $ssl_client_cert variable usage corrupted memory; the bug
- had appeared in 0.7.7.
- Thanks to Sergey Zhuravlev.
-
- *) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
- not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
- "X-Accel-Buffering", and "X-Accel-Charset" lines from backend
- response header.
- Thanks to Maxim Dounin.
-
- *) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
- response header lines; the bug had appeared in 0.7.44.
- Thanks to Maxim Dounin.
-
- *) Bugfix: the "[alert] zero size buf" error if subrequest returns an
- empty response; the bug had appeared in 0.8.5.
-
-
-Changes with nginx 0.8.6 20 Jul 2009
-
- *) Feature: the ngx_http_geoip_module.
-
- *) Bugfix: XSLT filter may fail with message "not well formed XML
- document" for valid XML document.
- Thanks to Kuramoto Eiji.
-
- *) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by a
- regular expression are always tested in case insensitive mode.
-
- *) Bugfix: now nginx/Windows ignores trailing dots in URI.
- Thanks to Hugo Leisink.
-
- *) Bugfix: name of file specified in --conf-path was not honored during
- installation; the bug had appeared in 0.6.6.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.8.5 13 Jul 2009
-
- *) Bugfix: now nginx allows underscores in a request method.
-
- *) Bugfix: a 500 error code was returned for invalid login/password
- while HTTP Basic authentication on Windows.
-
- *) Bugfix: ngx_http_perl_module responses did not work in subrequests.
-
- *) Bugfix: in ngx_http_limit_req_module.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.8.4 22 Jun 2009
-
- *) Bugfix: nginx could not be built --without-http-cache; the bug had
- appeared in 0.8.3.
-
-
-Changes with nginx 0.8.3 19 Jun 2009
-
- *) Feature: the $upstream_cache_status variable.
-
- *) Bugfix: nginx could not be built on MacOSX 10.6.
-
- *) Bugfix: nginx could not be built --without-http-cache; the bug had
- appeared in 0.8.2.
-
- *) Bugfix: a segmentation fault occurred in worker process, if a backend
- 401 error was intercepted and the backend did not set the
- "WWW-Authenticate" response header line.
- Thanks to Eugene Mychlo.
-
-
-Changes with nginx 0.8.2 15 Jun 2009
-
- *) Bugfix: in open_file_cache and proxy/fastcgi cache interaction on
- start up.
-
- *) Bugfix: open_file_cache might cache open file descriptors too long;
- the bug had appeared in 0.7.4.
-
-
-Changes with nginx 0.8.1 08 Jun 2009
-
- *) Feature: the "updating" parameter in "proxy_cache_use_stale" and
- "fastcgi_cache_use_stale" directives.
-
- *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
- header lines were passed to backend while caching if no
- "proxy_set_header" directive was used with any parameters.
-
- *) Bugfix: the "Set-Cookie" and "P3P" response header lines were not
- hidden while caching if no "proxy_hide_header/fastcgi_hide_header"
- directives were used with any parameters.
-
- *) Bugfix: the ngx_http_image_filter_module did not support GIF87a
- format.
- Thanks to Denis Ilyinyh.
-
- *) Bugfix: nginx could not be built modules on Solaris 10 and early; the
- bug had appeared in 0.7.56.
-
-
-Changes with nginx 0.8.0 02 Jun 2009
-
- *) Feature: the "keepalive_requests" directive.
-
- *) Feature: the "limit_rate_after" directive.
- Thanks to Ivan Debnar.
-
- *) Bugfix: XLST filter did not work in subrequests.
-
- *) Bugfix: in relative paths handling in nginx/Windows.
-
- *) Bugfix: in proxy_store, fastcgi_store, proxy_cache, and fastcgi_cache
- in nginx/Windows.
-
- *) Bugfix: in memory allocation error handling.
- Thanks to Maxim Dounin and Kirill A. Korinskiy.
-
-
-Changes with nginx 0.7.59 25 May 2009
-
- *) Feature: the "proxy_cache_methods" and "fastcgi_cache_methods"
- directives.
-
- *) Bugfix: socket leak; the bug had appeared in 0.7.25.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a segmentation fault occurred in worker process, if a request
- had no body and the $request_body variable was used;
- the bug had appeared in 0.7.58.
-
- *) Bugfix: the SSL modules might not built on Solaris and Linux;
- the bug had appeared in 0.7.56.
-
- *) Bugfix: ngx_http_xslt_filter_module responses were not handled by
- SSI, charset, and gzip filters.
-
- *) Bugfix: a "charset" directive did not set a charset to
- ngx_http_gzip_static_module responses.
-
-
-Changes with nginx 0.7.58 18 May 2009
-
- *) Feature: a "listen" directive of the mail proxy module supports IPv6.
-
- *) Feature: the "image_filter_jpeg_quality" directive.
-
- *) Feature: the "client_body_in_single_buffer" directive.
-
- *) Feature: the $request_body variable.
-
- *) Bugfix: in ngx_http_autoindex_module in file name links having a ":"
- symbol in the name.
-
- *) Bugfix: "make upgrade" procedure did not work; the bug had appeared
- in 0.7.53.
- Thanks to Denis F. Latypoff.
-
-
-Changes with nginx 0.7.57 12 May 2009
-
- *) Bugfix: a floating-point fault occurred in worker process, if the
- ngx_http_image_filter_module errors were redirected to named
- location; the bug had appeared in 0.7.56.
-
-
-Changes with nginx 0.7.56 11 May 2009
-
- *) Feature: nginx/Windows supports IPv6 in a "listen" directive of the
- HTTP module.
-
- *) Bugfix: in ngx_http_image_filter_module.
-
-
-Changes with nginx 0.7.55 06 May 2009
-
- *) Bugfix: the http_XXX parameters in "proxy_cache_use_stale" and
- "fastcgi_cache_use_stale" directives did not work.
-
- *) Bugfix: fastcgi cache did not cache header only responses.
-
- *) Bugfix: of "select() failed (9: Bad file descriptor)" error in
- nginx/Unix and "select() failed (10038: ...)" error in nginx/Windows.
-
- *) Bugfix: a segmentation fault might occur in worker process, if an
- "debug_connection" directive was used; the bug had appeared in
- 0.7.54.
-
- *) Bugfix: fix ngx_http_image_filter_module building errors.
-
- *) Bugfix: the files bigger than 2G could not be transferred using
- $r->sendfile.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.7.54 01 May 2009
-
- *) Feature: the ngx_http_image_filter_module.
-
- *) Feature: the "proxy_ignore_headers" and "fastcgi_ignore_headers"
- directives.
-
- *) Bugfix: a segmentation fault might occur in worker process, if an
- "open_file_cache_errors off" directive was used; the bug had appeared
- in 0.7.53.
-
- *) Bugfix: the "port_in_redirect off" directive did not work; the bug
- had appeared in 0.7.39.
-
- *) Bugfix: improve handling of "select" method errors.
-
- *) Bugfix: of "select() failed (10022: ...)" error in nginx/Windows.
-
- *) Bugfix: in error text descriptions in nginx/Windows; the bug had
- appeared in 0.7.53.
-
-
-Changes with nginx 0.7.53 27 Apr 2009
-
- *) Change: now a log set by --error-log-path is created from the very
- start-up.
-
- *) Feature: now the start up errors and warnings are outputted to an
- error_log and stderr.
-
- *) Feature: the empty --prefix= configure parameter forces nginx to use
- a directory where it was run as prefix.
-
- *) Feature: the -p switch.
-
- *) Feature: the -s switch on Unix platforms.
-
- *) Feature: the -? and -h switches.
- Thanks to Jerome Loyet.
-
- *) Feature: now switches may be set in condensed form.
-
- *) Bugfix: nginx/Windows did not work if configuration file was given by
- the -c switch.
-
- *) Bugfix: temporary files might be not removed if the "proxy_store",
- "fastcgi_store", "proxy_cache", or "fastcgi_cache" were used.
- Thanks to Maxim Dounin.
-
- *) Bugfix: an incorrect value was passed to mail proxy authentication
- server in "Auth-Method" header line; the bug had appeared
- in 0.7.34.
- Thanks to Simon Lecaille.
-
- *) Bugfix: system error text descriptions were not logged on Linux;
- the bug had appeared in 0.7.45.
-
- *) Bugfix: the "fastcgi_cache_min_uses" directive did not work.
- Thanks to Andrew Vorobyoff.
-
-
-Changes with nginx 0.7.52 20 Apr 2009
-
- *) Feature: the first native Windows binary release.
-
- *) Bugfix: in processing HEAD method while caching.
-
- *) Bugfix: in processing the "If-Modified-Since", "If-Range", etc.
- client request header lines while caching.
-
- *) Bugfix: now the "Set-Cookie" and "P3P" header lines are hidden in
- cacheable responses.
-
- *) Bugfix: if nginx was built with the ngx_http_perl_module and with a
- perl which supports threads, then during a master process exit the
- message "panic: MUTEX_LOCK" might be issued.
-
- *) Bugfix: nginx could not be built --without-http-cache; the bug had
- appeared in 0.7.48.
-
- *) Bugfix: nginx could not be built on platforms different from i386,
- amd64, sparc, and ppc; the bug had appeared in 0.7.42.
-
-
-Changes with nginx 0.7.51 12 Apr 2009
-
- *) Feature: the "try_files" directive supports a response code in the
- fallback parameter.
-
- *) Feature: now any response code can be used in the "return" directive.
-
- *) Bugfix: the "error_page" directive made an external redirect without
- query string; the bug had appeared in 0.7.44.
-
- *) Bugfix: if servers listened on several defined explicitly addresses,
- then virtual servers might not work; the bug had appeared in 0.7.39.
-
-
-Changes with nginx 0.7.50 06 Apr 2009
-
- *) Bugfix: the $arg_... variables did not work; the bug had appeared in
- 0.7.49.
-
-
-Changes with nginx 0.7.49 06 Apr 2009
-
- *) Bugfix: a segmentation fault might occur in worker process, if the
- $arg_... variables were used; the bug had appeared in 0.7.48.
-
-
-Changes with nginx 0.7.48 06 Apr 2009
-
- *) Feature: the "proxy_cache_key" directive.
-
- *) Bugfix: now nginx takes into account the "X-Accel-Expires",
- "Expires", and "Cache-Control" header lines in a backend response.
-
- *) Bugfix: now nginx caches responses for the GET requests only.
-
- *) Bugfix: the "fastcgi_cache_key" directive was not inherited.
-
- *) Bugfix: the $arg_... variables did not work with SSI subrequests.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx could not be built with uclibc library.
- Thanks to Timothy Redaelli.
-
- *) Bugfix: nginx could not be built on OpenBSD; the bug had
- appeared in 0.7.46.
-
-
-Changes with nginx 0.7.47 01 Apr 2009
-
- *) Bugfix: nginx could not be built on FreeBSD 6 and early versions; the
- bug had appeared in 0.7.46.
-
- *) Bugfix: nginx could not be built on MacOSX; the bug had
- appeared in 0.7.46.
-
- *) Bugfix: if the "max_size" parameter was set, then the cache manager
- might purge a whole cache; the bug had appeared in 0.7.46.
-
- *) Change: a segmentation fault might occur in worker process, if the
- "proxy_cache"/"fastcgi_cache" and the "proxy_cache_valid"/
- "fastcgi_cache_valid" were set on different levels; the bug had
- appeared in 0.7.46.
-
- *) Bugfix: a segmentation fault might occur in worker process, if a
- request was redirected to a proxied or FastCGI server via error_page
- or try_files; the bug had appeared in 0.7.44.
-
-
-Changes with nginx 0.7.46 30 Mar 2009
-
- *) Bugfix: the previous release tarball was incorrect.
-
-
-Changes with nginx 0.7.45 30 Mar 2009
-
- *) Change: now the "proxy_cache" and the "proxy_cache_valid" directives
- can be set on different levels.
-
- *) Change: the "clean_time" parameter of the "proxy_cache_path"
- directive is canceled.
-
- *) Feature: the "max_size" parameter of the "proxy_cache_path"
- directive.
-
- *) Feature: the ngx_http_fastcgi_module preliminary cache support.
-
- *) Feature: now on shared memory allocation errors directive and zone
- names are logged.
-
- *) Bugfix: the directive "add_header last-modified ''" did not delete a
- "Last-Modified" response header line; the bug had appeared in 0.7.44.
-
- *) Bugfix: a relative path in the "auth_basic_user_file" directive given
- without variables did not work; the bug had appeared in 0.7.44.
- Thanks to Jerome Loyet.
-
- *) Bugfix: in an "alias" directive given using variables without
- references to captures of regular expressions; the bug had appeared
- in 0.7.42.
-
-
-Changes with nginx 0.7.44 23 Mar 2009
-
- *) Feature: the ngx_http_proxy_module preliminary cache support.
-
- *) Feature: the --with-pcre option in the configure.
-
- *) Feature: the "try_files" directive is now allowed on the server block
- level.
-
- *) Bugfix: the "try_files" directive handled incorrectly a query string
- in a fallback parameter.
-
- *) Bugfix: the "try_files" directive might test incorrectly directories.
-
- *) Bugfix: if there was a single server for given address:port pair,
- then captures in regular expressions in a "server_name" directive did
- not work.
-
-
-Changes with nginx 0.7.43 18 Mar 2009
-
- *) Bugfix: a request was handled incorrectly, if a "root" directive used
- variables; the bug had appeared in 0.7.42.
-
- *) Bugfix: if a server listened on wildcard address, then the
- $server_addr variable value was "0.0.0.0"; the bug had appeared in
- 0.7.36.
-
-
-Changes with nginx 0.7.42 16 Mar 2009
-
- *) Change: now the "Invalid argument" error returned by
- setsockopt(TCP_NODELAY) on Solaris, is ignored.
-
- *) Change: now if a file specified in a "auth_basic_user_file" directive
- is absent, then the 403 error is returned instead of the 500 one.
-
- *) Feature: the "auth_basic_user_file" directive supports variables.
- Thanks to Kirill A. Korinskiy.
-
- *) Feature: the "listen" directive supports the "ipv6only" parameter.
- Thanks to Zhang Hua.
-
- *) Bugfix: in an "alias" directive with references to captures of
- regular expressions; the bug had appeared in 0.7.40.
-
- *) Bugfix: compatibility with Tru64 UNIX.
- Thanks to Dustin Marquess.
-
- *) Bugfix: nginx could not be built without PCRE library; the bug had
- appeared in 0.7.41.
-
-
-Changes with nginx 0.7.41 11 Mar 2009
-
- *) Bugfix: a segmentation fault might occur in worker process, if a
- "server_name" or a "location" directives had captures in regular
- expressions; the issue had appeared in 0.7.40.
- Thanks to Vladimir Sopot.
-
-
-Changes with nginx 0.7.40 09 Mar 2009
-
- *) Feature: the "location" directive supports captures in regular
- expressions.
-
- *) Feature: an "alias" directive with capture references may be used
- inside a location given by a regular expression with captures.
-
- *) Feature: the "server_name" directive supports captures in regular
- expressions.
-
- *) Workaround: the ngx_http_autoindex_module did not show the trailing
- slash in directories on XFS filesystem; the issue had appeared in
- 0.7.15.
- Thanks to Dmitry Kuzmenko.
-
-
-Changes with nginx 0.7.39 02 Mar 2009
-
- *) Bugfix: large response with SSI might hang, if gzipping was enabled;
- the bug had appeared in 0.7.28.
- Thanks to Artem Bokhan.
-
- *) Bugfix: a segmentation fault might occur in worker process, if short
- static variants are used in a "try_files" directive.
-
-
-Changes with nginx 0.7.38 23 Feb 2009
-
- *) Feature: authentication failures logging.
-
- *) Bugfix: name/password in auth_basic_user_file were ignored after odd
- number of empty lines.
- Thanks to Alexander Zagrebin.
-
- *) Bugfix: a segmentation fault occurred in a master process, if long
- path was used in unix domain socket; the bug had appeared in 0.7.36.
-
-
-Changes with nginx 0.7.37 21 Feb 2009
-
- *) Bugfix: directives using upstreams did not work; the bug had appeared
- in 0.7.36.
-
-
-Changes with nginx 0.7.36 21 Feb 2009
-
- *) Feature: a preliminary IPv6 support; the "listen" directive of the
- HTTP module supports IPv6.
-
- *) Bugfix: the $ancient_browser variable did not work for browsers
- preset by a "modern_browser" directives.
-
-
-Changes with nginx 0.7.35 16 Feb 2009
-
- *) Bugfix: a "ssl_engine" directive did not use a SSL-accelerator for
- asymmetric ciphers.
- Thanks to Marcin Gozdalik.
-
- *) Bugfix: a "try_files" directive set MIME type depending on an
- original request extension.
-
- *) Bugfix: "*domain.tld" names were handled incorrectly in
- "server_name", "valid_referers", and "map" directives, if
- ".domain.tld" and ".subdomain.domain.tld" wildcards were used;
- the bug had appeared in 0.7.9.
-
-
-Changes with nginx 0.7.34 10 Feb 2009
-
- *) Feature: the "off" parameter of the "if_modified_since" directive.
-
- *) Feature: now nginx sends an HELO/EHLO command after a XCLIENT
- command.
- Thanks to Maxim Dounin.
-
- *) Feature: Microsoft specific "AUTH LOGIN with User Name" mode support
- in mail proxy server.
- Thanks to Maxim Dounin.
-
- *) Bugfix: in a redirect rewrite directive original arguments were
- concatenated with new arguments by a "?" rather than an "&";
- the bug had appeared in 0.1.18.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx could not be built on AIX.
-
-
-Changes with nginx 0.7.33 02 Feb 2009
-
- *) Bugfix: a double response might be returned if the epoll or rtsig
- methods are used and a redirect was returned to a request with body.
- Thanks to Eden Li.
-
- *) Bugfix: the $sent_http_location variable was empty for some redirects
- types.
-
- *) Bugfix: a segmentation fault might occur in worker process if
- "resolver" directive was used in SMTP proxy.
-
-
-Changes with nginx 0.7.32 26 Jan 2009
-
- *) Feature: now a directory existence testing can be set explicitly in
- the "try_files" directive.
-
- *) Bugfix: fastcgi_store stored files not always.
-
- *) Bugfix: in geo ranges.
-
- *) Bugfix: in shared memory allocations if nginx was built without
- debugging.
- Thanks to Andrey Kvasov.
-
-
-Changes with nginx 0.7.31 19 Jan 2009
-
- *) Change: now the "try_files" directive tests files only and ignores
- directories.
-
- *) Feature: the "fastcgi_split_path_info" directive.
-
- *) Bugfixes in an "Expect" request header line support.
-
- *) Bugfixes in geo ranges.
-
- *) Bugfix: in a miss case ngx_http_memcached_module returned the "END"
- line as response body instead of default 404 page body; the bug had
- appeared in 0.7.18.
- Thanks to Maxim Dounin.
-
- *) Bugfix: while SMTP proxying nginx issued message "250 2.0.0 OK"
- instead of "235 2.0.0 OK"; the bug had appeared in 0.7.22.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.7.30 24 Dec 2008
-
- *) Bugfix: a segmentation fault occurred in worker process, if variables
- were used in the "fastcgi_pass" or "proxy_pass" directives and host
- name must be resolved; the bug had appeared in 0.7.29.
-
-
-Changes with nginx 0.7.29 24 Dec 2008
-
- *) Bugfix: the "fastcgi_pass" and "proxy_pass" directives did not
- support variables if unix domain sockets were used.
-
- *) Bugfixes in subrequest processing; the bugs had appeared in 0.7.25.
-
- *) Bugfix: a "100 Continue" response was issued for HTTP/1.0 requests;
- Thanks to Maxim Dounin.
-
- *) Bugfix: in memory allocation in the ngx_http_gzip_filter_module on
- Cygwin.
-
-
-Changes with nginx 0.7.28 22 Dec 2008
-
- *) Change: in memory allocation in the ngx_http_gzip_filter_module.
-
- *) Change: the default "gzip_buffers" directive values have been changed
- to 32 4k or 16 8k from 4 4k/8k.
-
-
-Changes with nginx 0.7.27 15 Dec 2008
-
- *) Feature: the "try_files" directive.
-
- *) Feature: variables support in the "fastcgi_pass" directive.
-
- *) Feature: now the $geo variable may get an address from a variable.
- Thanks to Andrei Nigmatulin.
-
- *) Feature: now a location's modifier may be used without space before
- name.
-
- *) Feature: the $upstream_response_length variable.
-
- *) Bugfix: now a "add_header" directive does not add an empty value.
-
- *) Bugfix: if zero length static file was requested, then nginx just
- closed connection; the bug had appeared in 0.7.25.
-
- *) Bugfix: a MOVE method could not move file in non-existent directory.
-
- *) Bugfix: a segmentation fault occurred in worker process, if no one
- named location was defined in server, but some one was used in an
- error_page directive.
- Thanks to Sergey Bochenkov.
-
-
-Changes with nginx 0.7.26 08 Dec 2008
-
- *) Bugfix: in subrequest processing; the bug had appeared in 0.7.25.
-
-
-Changes with nginx 0.7.25 08 Dec 2008
-
- *) Change: in subrequest processing.
-
- *) Change: now POSTs without "Content-Length" header line are allowed.
-
- *) Bugfix: now the "limit_req" and "limit_conn" directives log a
- prohibition reason.
-
- *) Bugfix: in the "delete" parameter of the "geo" directive.
-
-
-Changes with nginx 0.7.24 01 Dec 2008
-
- *) Feature: the "if_modified_since" directive.
-
- *) Bugfix: nginx did not process a FastCGI server response, if the
- server send too many messages to stderr before response.
-
- *) Bugfix: the "$cookie_..." variables did not work in the SSI and the
- perl module.
-
-
-Changes with nginx 0.7.23 27 Nov 2008
-
- *) Feature: the "delete" and "ranges" parameters in the "geo" directive.
-
- *) Feature: speeding up loading of geo base with large number of values.
-
- *) Feature: decrease of memory required for geo base load.
-
-
-Changes with nginx 0.7.22 20 Nov 2008
-
- *) Feature: the "none" parameter in the "smtp_auth" directive.
- Thanks to Maxim Dounin.
-
- *) Feature: the "$cookie_..." variables.
-
- *) Bugfix: the "directio" directive did not work in XFS filesystem.
-
- *) Bugfix: the resolver did not understand big DNS responses.
- Thanks to Zyb.
-
-
-Changes with nginx 0.7.21 11 Nov 2008
-
- *) Changes in the ngx_http_limit_req_module.
-
- *) Feature: the EXSLT support in the ngx_http_xslt_module.
- Thanks to Denis F. Latypoff.
-
- *) Workaround: compatibility with glibc 2.3.
- Thanks to Eric Benson and Maxim Dounin.
-
- *) Bugfix: nginx could not run on MacOSX 10.4 and earlier; the bug had
- appeared in 0.7.6.
-
-
-Changes with nginx 0.7.20 10 Nov 2008
-
- *) Changes in the ngx_http_gzip_filter_module.
-
- *) Feature: the ngx_http_limit_req_module.
-
- *) Bugfix: worker processes might exit on a SIGBUS signal on sparc and
- ppc platforms; the bug had appeared in 0.7.3.
- Thanks to Maxim Dounin.
-
- *) Bugfix: the "proxy_pass http://host/some:uri" directives did not
- work; the bug had appeared in 0.7.12.
-
- *) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
- error.
-
- *) Bugfix: the ngx_http_secure_link_module did not work inside
- locations, whose names are less than 3 characters.
-
- *) Bugfix: $server_addr variable might have no value.
-
-
-Changes with nginx 0.7.19 13 Oct 2008
-
- *) Bugfix: version number update.
-
-
-Changes with nginx 0.7.18 13 Oct 2008
-
- *) Change: the "underscores_in_headers" directive; now nginx does not
- allows underscores in a client request header line names.
-
- *) Feature: the ngx_http_secure_link_module.
-
- *) Feature: the "real_ip_header" directive supports any header.
-
- *) Feature: the "log_subrequest" directive.
-
- *) Feature: the $realpath_root variable.
-
- *) Feature: the "http_502" and "http_504" parameters of the
- "proxy_next_upstream" directive.
-
- *) Bugfix: the "http_503" parameter of the "proxy_next_upstream" or
- "fastcgi_next_upstream" directives did not work.
-
- *) Bugfix: nginx might send a "Transfer-Encoding: chunked" header line
- for HEAD requests.
-
- *) Bugfix: now accept threshold depends on worker_connections.
-
-
-Changes with nginx 0.7.17 15 Sep 2008
-
- *) Feature: now the "directio" directive works on Linux.
-
- *) Feature: the $pid variable.
-
- *) Bugfix: the "directio" optimization that had appeared in 0.7.15 did
- not work with open_file_cache.
-
- *) Bugfix: the "access_log" with variables did not work on Linux; the
- bug had appeared in 0.7.7.
-
- *) Bugfix: the ngx_http_charset_module did not understand quoted charset
- name received from backend.
-
-
-Changes with nginx 0.7.16 08 Sep 2008
-
- *) Bugfix: nginx could not be built on 64-bit platforms; the bug had
- appeared in 0.7.15.
-
-
-Changes with nginx 0.7.15 08 Sep 2008
-
- *) Feature: the ngx_http_random_index_module.
-
- *) Feature: the "directio" directive has been optimized for file
- requests starting from arbitrary position.
-
- *) Feature: the "directio" directive turns off sendfile if it is
- necessary.
-
- *) Feature: now nginx allows underscores in a client request header line
- names.
-
-
-Changes with nginx 0.7.14 01 Sep 2008
-
- *) Change: now the ssl_certificate and ssl_certificate_key directives
- have no default values.
-
- *) Feature: the "listen" directive supports the "ssl" parameter.
-
- *) Feature: now nginx takes into account a time zone change while
- reconfiguration on FreeBSD and Linux.
-
- *) Bugfix: the "listen" directive parameters such as "backlog",
- "rcvbuf", etc. were not set, if a default server was not the first
- one.
-
- *) Bugfix: if URI part captured by a "rewrite" directive was used as a
- query string, then the query string was not escaped.
-
- *) Bugfix: configuration file validity test improvements.
-
-
-Changes with nginx 0.7.13 26 Aug 2008
-
- *) Bugfix: nginx could not be built on Linux and Solaris; the bug had
- appeared in 0.7.12.
-
-
-Changes with nginx 0.7.12 26 Aug 2008
-
- *) Feature: the "server_name" directive supports empty name "".
-
- *) Feature: the "gzip_disable" directive supports special "msie6" mask.
-
- *) Bugfix: if the "max_fails=0" parameter was used in upstream with
- several servers, then a worker process exited on a SIGFPE signal.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a request body was dropped while redirection via an
- "error_page" directive.
-
- *) Bugfix: a full response was returned for request method HEAD while
- redirection via an "error_page" directive.
-
- *) Bugfix: the $r->header_in() method did not return value of the
- "Host", "User-Agent", and "Connection" request header lines; the bug
- had appeared in 0.7.0.
-
-
-Changes with nginx 0.7.11 18 Aug 2008
-
- *) Change: now ngx_http_charset_module does not work by default with
- text/css MIME type.
-
- *) Feature: now nginx returns the 405 status code for POST method
- requesting a static file only if the file exists.
-
- *) Feature: the "proxy_ssl_session_reuse" directive.
-
- *) Bugfix: a "proxy_pass" directive without URI part might use original
- request after the "X-Accel-Redirect" redirection was used.
-
- *) Bugfix: if a directory has search only rights and the first index
- file was absent, then nginx returned the 500 status code.
-
- *) Bugfix: in inclusive locations; the bugs had appeared in 0.7.1.
-
-
-Changes with nginx 0.7.10 13 Aug 2008
-
- *) Bugfix: in the "addition_types", "charset_types", "gzip_types",
- "ssi_types", "sub_filter_types", and "xslt_types" directives; the
- bugs had appeared in 0.7.9.
-
- *) Bugfix: of recursive error_page for 500 status code.
-
- *) Bugfix: now the ngx_http_realip_module sets address not for whole
- keepalive connection, but for each request passed via the connection.
-
-
-Changes with nginx 0.7.9 12 Aug 2008
-
- *) Change: now ngx_http_charset_module works by default with following
- MIME types: text/html, text/css, text/xml, text/plain,
- text/vnd.wap.wml, application/x-javascript, and application/rss+xml.
-
- *) Feature: the "charset_types" and "addition_types" directives.
-
- *) Feature: now the "gzip_types", "ssi_types", and "sub_filter_types"
- directives use hash.
-
- *) Feature: the ngx_cpp_test_module.
-
- *) Feature: the "expires" directive supports daily time.
-
- *) Feature: the ngx_http_xslt_module improvements and bug fixing.
- Thanks to Denis F. Latypoff and Maxim Dounin.
-
- *) Bugfix: the "log_not_found" directive did not work for index files
- tests.
-
- *) Bugfix: HTTPS connections might hang, if kqueue, epoll, rtsig, or
- eventport methods were used; the bug had appeared in 0.7.7.
-
- *) Bugfix: if the "server_name", "valid_referers", and "map" directives
- used an "*.domain.tld" wildcard and exact name "domain.tld" was not
- set, then the exact name was matched by the wildcard; the bug had
- appeared in 0.3.18.
-
-
-Changes with nginx 0.7.8 04 Aug 2008
-
- *) Feature: the ngx_http_xslt_module.
-
- *) Feature: the "$arg_..." variables.
-
- *) Feature: Solaris directio support.
- Thanks to Ivan Debnar.
-
- *) Bugfix: now if FastCGI server sends a "Location" header line without
- status line, then nginx uses 302 status code.
- Thanks to Maxim Dounin.
-
-
-Changes with nginx 0.7.7 30 Jul 2008
-
- *) Change: now the EAGAIN error returned by connect() is not considered
- as temporary error.
-
- *) Change: now the $ssl_client_cert variable value is a certificate with
- TAB character intended before each line except first one; an
- unchanged certificate is available in the $ssl_client_raw_cert
- variable.
-
- *) Feature: the "ask" parameter in the "ssl_verify_client" directive.
-
- *) Feature: byte-range processing improvements.
- Thanks to Maxim Dounin.
-
- *) Feature: the "directio" directive.
- Thanks to Jiang Hong.
-
- *) Feature: MacOSX 10.5 sendfile() support.
-
- *) Bugfix: now in MacOSX and Cygwin locations are tested in case
- insensitive mode; however, the compare is provided by single-byte
- locales only.
-
- *) Bugfix: mail proxy SSL connections hanged, if select, poll, or
- /dev/poll methods were used.
-
- *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
-
-
-Changes with nginx 0.7.6 07 Jul 2008
-
- *) Bugfix: now if variables are used in the "access_log" directive a
- request root existence is always tested.
-
- *) Bugfix: the ngx_http_flv_module did not support several values in a
- query string.
-
-
-Changes with nginx 0.7.5 01 Jul 2008
-
- *) Bugfixes in variables support in the "access_log" directive; the bugs
- had appeared in 0.7.4.
-
- *) Bugfix: nginx could not be built --without-http_gzip_module; the bug
- had appeared in 0.7.3.
- Thanks to Kirill A. Korinskiy.
-
- *) Bugfix: if sub_filter and SSI were used together, then responses
- might were transferred incorrectly.
-
-
-Changes with nginx 0.7.4 30 Jun 2008
-
- *) Feature: variables support in the "access_log" directive.
-
- *) Feature: the "open_log_file_cache" directive.
-
- *) Feature: the -g switch.
-
- *) Feature: the "Expect" request header line support.
-
- *) Bugfix: large SSI inclusions might be truncated.
-
-
-Changes with nginx 0.7.3 23 Jun 2008
-
- *) Change: the "rss" extension MIME type has been changed to
- "application/rss+xml".
-
- *) Change: now the "gzip_vary" directive turned on issues a
- "Vary: Accept-Encoding" header line for uncompressed responses too.
-
- *) Feature: now the "rewrite" directive does a redirect automatically if
- the "https://" protocol is used.
-
- *) Bugfix: the "proxy_pass" directive did not work with the HTTPS
- protocol; the bug had appeared in 0.6.9.
-
-
-Changes with nginx 0.7.2 16 Jun 2008
-
- *) Feature: now nginx supports EDH key exchange ciphers.
-
- *) Feature: the "ssl_dhparam" directive.
-
- *) Feature: the $ssl_client_cert variable.
- Thanks to Manlio Perillo.
-
- *) Bugfix: after changing URI via a "rewrite" directive nginx did not
- search a new location; the bug had appeared in 0.7.1.
- Thanks to Maxim Dounin.
-
- *) Bugfix: nginx could not be built without PCRE library; the bug had
- appeared in 0.7.1.
-
- *) Bugfix: when a request to a directory was redirected with the slash
- added, nginx dropped a query string from the original request.
-
-
-Changes with nginx 0.7.1 26 May 2008
-
- *) Change: now locations are searched in a tree.
-
- *) Change: the "optimize_server_names" directive was canceled due to the
- "server_name_in_redirect" directive introduction.
-
- *) Change: some long deprecated directives are not supported anymore.
-
- *) Change: the "none" parameter in the "ssl_session_cache" directive;
- now this is default parameter.
- Thanks to Rob Mueller.
-
- *) Bugfix: worker processes might not catch reconfiguration and log
- rotation signals.
-
- *) Bugfix: nginx could not be built on latest Fedora 9 Linux.
- Thanks to Roxis.
-
-
-Changes with nginx 0.7.0 19 May 2008
-
- *) Change: now the 0x00-0x1F, '"' and '\' characters are escaped as \xXX
- in an access_log.
- Thanks to Maxim Dounin.
-
- *) Change: now nginx allows several "Host" request header line.
-
- *) Feature: the "modified" flag in the "expires" directive.
-
- *) Feature: the $uid_got and $uid_set variables may be used at any
- request processing stage.
-
- *) Feature: the $hostname variable.
- Thanks to Andrei Nigmatulin.
-
- *) Feature: DESTDIR support.
- Thanks to Todd A. Fisher and Andras Voroskoi.
-
- *) Bugfix: a segmentation fault might occur in worker process on Linux,
- if keepalive was enabled.
-
-
-Changes with nginx 0.6.31 12 May 2008
-
- *) Bugfix: nginx did not process FastCGI response if header was at the
- end of FastCGI record; the bug had appeared in 0.6.2.
- Thanks to Sergey Serov.
-
- *) Bugfix: a segmentation fault might occur in worker process if a file
- was deleted and the "open_file_cache_errors" directive was off.
-
-
-Changes with nginx 0.6.30 29 Apr 2008
-
- *) Change: now if an "include" directive pattern does not match any
- file, then nginx does not issue an error.
-
- *) Feature: now the time in directives may be specified without spaces,
- for example, "1h50m".
-
- *) Bugfix: memory leaks if the "ssl_verify_client" directive was on.
- Thanks to Chavelle Vincent.
-
- *) Bugfix: the "sub_filter" directive might set text to change into
- output.
-
- *) Bugfix: the "error_page" directive did not take into account
- arguments in redirected URI.
-
- *) Bugfix: now nginx always opens files in binary mode under Cygwin.
-
- *) Bugfix: nginx could not be built on OpenBSD; the bug had appeared in
- 0.6.15.
-
-
-Changes with nginx 0.6.29 18 Mar 2008
-
- *) Feature: the ngx_google_perftools_module.
-
- *) Bugfix: the ngx_http_perl_module could not be built on 64-bit
- platforms; the bug had appeared in 0.6.27.
-
-
-Changes with nginx 0.6.28 13 Mar 2008
-
- *) Bugfix: the rtsig method could not be built; the bug had appeared in
- 0.6.27.
-
-
-Changes with nginx 0.6.27 12 Mar 2008
-
- *) Change: now by default the rtsig method is not built on
- Linux 2.6.18+.
-
- *) Change: now a request method is not changed while redirection to a
- named location via an "error_page" directive.
-
- *) Feature: the "resolver" and "resolver_timeout" directives in SMTP
- proxy.
-
- *) Feature: the "post_action" directive supports named locations.
-
- *) Bugfix: a segmentation fault occurred in worker process, if a request
- was redirected from proxy, FastCGI, or memcached location to static
- named locations.
-
- *) Bugfix: browsers did not repeat SSL handshake if there is no valid
- client certificate in first handshake.
- Thanks to Alexander V. Inyukhin.
-
- *) Bugfix: if response code 495-497 was redirected via an "error_page"
- directive without code change, then nginx tried to allocate too many
- memory.
-
- *) Bugfix: memory leak in long-lived non buffered connections.
-
- *) Bugfix: memory leak in resolver.
-
- *) Bugfix: a segmentation fault occurred in worker process, if a request
- was redirected from proxy, FastCGI, or memcached location to static
- named locations.
-
- *) Bugfix: in the $proxy_host and $proxy_port variables caching.
- Thanks to Sergey Bochenkov.
-
- *) Bugfix: a "proxy_pass" directive with variables used incorrectly the
- same port as in another "proxy_pass" directive with the same host
- name and without variables.
- Thanks to Sergey Bochenkov.
-
- *) Bugfix: an alert "sendmsg() failed (9: Bad file descriptor)" on some
- 64-bit platforms while reconfiguration.
-
- *) Bugfix: a segmentation fault occurred in worker process, if empty
- stub block was used second time in SSI.
-
- *) Bugfix: in copying URI part contained escaped symbols into arguments.
-
-
-Changes with nginx 0.6.26 11 Feb 2008
-
- *) Bugfix: the "proxy_store" and "fastcgi_store" directives did not
- check a response length.
-
- *) Bugfix: a segmentation fault occurred in worker process, if big value
- was used in a "expires" directive.
- Thanks to Joaquin Cuenca Abela.
-
- *) Bugfix: nginx incorrectly detected cache line size on Pentium 4.
- Thanks to Gena Makhomed.
-
- *) Bugfix: in proxied or FastCGI subrequests a client original method
- was used instead of the GET method.
-
- *) Bugfix: socket leak in HTTPS mode if deferred accept was used.
- Thanks to Ben Maurer.
-
- *) Bugfix: nginx issued the bogus error message "SSL_shutdown() failed
- (SSL: )"; the bug had appeared in 0.6.23.
-
- *) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
- error; the bug had appeared in 0.6.23.
-
-
-Changes with nginx 0.6.25 08 Jan 2008
-
- *) Change: now the "server_name_in_redirect" directive is used instead
- of the "server_name" directive's special "*" parameter.
-
- *) Change: now wildcard and regex names can be used as main name in a
- "server_name" directive.
-
- *) Change: the "satisfy_any" directive was replaced by the "satisfy"
- directive.
-
- *) Workaround: old worker processes might hog CPU after reconfiguration
- if they was run under Linux OpenVZ.
-
- *) Feature: the "min_delete_depth" directive.
-
- *) Bugfix: the COPY and MOVE methods did not work with single files.
-
- *) Bugfix: the ngx_http_gzip_static_module did not allow the
- ngx_http_dav_module to work; the bug had appeared in 0.6.23.
-
- *) Bugfix: socket leak in HTTPS mode if deferred accept was used.
- Thanks to Ben Maurer.
-
- *) Bugfix: nginx could not be built without PCRE library; the bug had
- appeared in 0.6.23.
-
-
-Changes with nginx 0.6.24 27 Dec 2007
-
- *) Bugfix: a segmentation fault might occur in worker process if HTTPS
- was used; the bug had appeared in 0.6.23.
-
-
-Changes with nginx 0.6.23 27 Dec 2007
-
- *) Change: the "off" parameter in the "ssl_session_cache" directive; now
- this is default parameter.
-
- *) Change: the "open_file_cache_retest" directive was renamed to the
- "open_file_cache_valid".
-
- *) Feature: the "open_file_cache_min_uses" directive.
-
- *) Feature: the ngx_http_gzip_static_module.
-
- *) Feature: the "gzip_disable" directive.
-
- *) Feature: the "memcached_pass" directive may be used inside the "if"
- block.
-
- *) Bugfix: a segmentation fault occurred in worker process, if the
- "memcached_pass" and "if" directives were used in the same location.
-
- *) Bugfix: if a "satisfy_any on" directive was used and not all access
- and auth modules directives were set, then other given access and
- auth directives were not tested;
-
- *) Bugfix: regex parameters in a "valid_referers" directive were not
- inherited from previous level.
-
- *) Bugfix: a "post_action" directive did run if a request was completed
- with 499 status code.
-
- *) Bugfix: optimization of 16K buffer usage in a SSL connection.
- Thanks to Ben Maurer.
-
- *) Bugfix: the STARTTLS in SMTP mode did not work.
- Thanks to Oleg Motienko.
-
- *) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
- error; the bug had appeared in 0.5.13.
-
-
-Changes with nginx 0.6.22 19 Dec 2007
-
- *) Change: now all ngx_http_perl_module methods return values copied to
- perl's allocated memory.
-
- *) Bugfix: if nginx was built with ngx_http_perl_module, the perl before
- 5.8.6 was used, and perl supported threads, then during
- reconfiguration the master process aborted; the bug had appeared in
- 0.5.9.
- Thanks to Boris Zhmurov.
-
- *) Bugfix: the ngx_http_perl_module methods may get invalid values of
- the regex captures.
-
- *) Bugfix: a segmentation fault occurred in worker process, if the
- $r->has_request_body() method was called for a request whose small
- request body was already received.
-
- *) Bugfix: large_client_header_buffers did not freed before going to
- keep-alive state.
- Thanks to Olexander Shtepa.
-
- *) Bugfix: the last address was missed in the $upstream_addr variable;
- the bug had appeared in 0.6.18.
-
- *) Bugfix: the "fastcgi_catch_stderr" directive did return error code;
- now it returns 502 code, that can be rerouted to a next server using
- the "fastcgi_next_upstream invalid_header" directive.
-
- *) Bugfix: a segmentation fault occurred in master process if the
- "fastcgi_catch_stderr" directive was used; the bug had appeared in
- 0.6.10.
- Thanks to Manlio Perillo.
-
-
-Changes with nginx 0.6.21 03 Dec 2007
-
- *) Change: if variable values used in a "proxy_pass" directive contain
- IP-addresses only, then a "resolver" directive is not mandatory.
-
- *) Bugfix: a segmentation fault might occur in worker process if a
- "proxy_pass" directive with URI-part was used; the bug had appeared
- in 0.6.19.
-
- *) Bugfix: if resolver was used on platform that does not support
- kqueue, then nginx issued an alert "name is out of response".
- Thanks to Andrei Nigmatulin.
-
- *) Bugfix: if the $server_protocol was used in FastCGI parameters and a
- request line length was near to the "client_header_buffer_size"
- directive value, then nginx issued an alert "fastcgi: the request
- record is too big".
-
- *) Bugfix: if a plain text HTTP/0.9 version request was made to HTTPS
- server, then nginx returned usual response.
-
-
-Changes with nginx 0.6.20 28 Nov 2007
-
- *) Bugfix: a segmentation fault might occur in worker process if a
- "proxy_pass" directive with URI-part was used; the bug had appeared
- in 0.6.19.
-
-
-Changes with nginx 0.6.19 27 Nov 2007
-
- *) Bugfix: the 0.6.18 version could not be built.
-
-
-Changes with nginx 0.6.18 27 Nov 2007
-
- *) Change: now the ngx_http_userid_module adds start time microseconds
- to the cookie field contains a pid value.
-
- *) Change: now the full request line instead of URI only is written to
- error_log.
-
- *) Feature: variables support in the "proxy_pass" directive.
-
- *) Feature: the "resolver" and "resolver_timeout" directives.
-
- *) Feature: now the directive "add_header last-modified ''" deletes a
- "Last-Modified" response header line.
-
- *) Bugfix: the "limit_rate" directive did not allow to use full
- throughput, even if limit value was very high.
-
-
-Changes with nginx 0.6.17 15 Nov 2007
-
- *) Feature: the "If-Range" request header line support.
- Thanks to Alexander V. Inyukhin.
-
- *) Bugfix: URL double escaping in a redirect of the "msie_refresh"
- directive; the bug had appeared in 0.6.4.
-
- *) Bugfix: the "autoindex" directive did not work with the "alias /"
- directive.
-
- *) Bugfix: a segmentation fault might occur in worker process if
- subrequests were used.
-
- *) Bugfix: the big responses may be transferred truncated if SSL and
- gzip were used.
-
- *) Bugfix: the $status variable was equal to 0 if a proxied server
- returned response in HTTP/0.9 version.
-
-
-Changes with nginx 0.6.16 29 Oct 2007
-
- *) Change: now the uname(2) is used on Linux instead of procfs.
- Thanks to Ilya Novikov.
-
- *) Bugfix: if the "?" character was in a "error_page" directive, then it
- was escaped in a proxied request; the bug had appeared in 0.6.11.
-
- *) Bugfix: compatibility with mget.
-
-
-Changes with nginx 0.6.15 22 Oct 2007
-
- *) Feature: Cygwin compatibility.
- Thanks to Vladimir Kutakov.
-
- *) Feature: the "merge_slashes" directive.
-
- *) Feature: the "gzip_vary" directive.
-
- *) Feature: the "server_tokens" directive.
-
- *) Bugfix: nginx did not unescape URI in the "include" SSI command.
-
- *) Bugfix: the segmentation fault was occurred on start or while
- reconfiguration if variable was used in the "charset" or
- "source_charset" directives.
-
- *) Bugfix: nginx returned the 400 response on requests like
- "GET http://www.domain.com HTTP/1.0".
- Thanks to James Oakley.
-
- *) Bugfix: if request with request body was redirected using the
- "error_page" directive, then nginx tried to read the request body
- again; the bug had appeared in 0.6.7.
-
- *) Bugfix: a segmentation fault occurred in worker process if no
- server_name was explicitly defined for server processing request; the
- bug had appeared in 0.6.7.
-
-
-Changes with nginx 0.6.14 15 Oct 2007
-
- *) Change: now by default the "echo" SSI command uses entity encoding.
-
- *) Feature: the "encoding" parameter in the "echo" SSI command.
-
- *) Feature: the "access_log" directive may be used inside the
- "limit_except" block.
-
- *) Bugfix: if all upstream servers were failed, then all servers had got
- weight the was equal one until servers became alive; the bug had
- appeared in 0.6.6.
-
- *) Bugfix: a segmentation fault occurred in worker process if
- $date_local and $date_gmt were used outside the
- ngx_http_ssi_filter_module.
-
- *) Bugfix: a segmentation fault might occur in worker process if debug
- log was enabled.
- Thanks to Andrei Nigmatulin.
-
- *) Bugfix: ngx_http_memcached_module did not set
- $upstream_response_time.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a worker process may got caught in an endless loop, if the
- memcached was used.
-
- *) Bugfix: nginx supported low case only "close" and "keep-alive" values
- in the "Connection" request header line; the bug had appeared in
- 0.6.11.
-
- *) Bugfix: sub_filter did not work with empty substitution.
-
- *) Bugfix: in sub_filter parsing.
-
-
-Changes with nginx 0.6.13 24 Sep 2007
-
- *) Bugfix: nginx did not close directory file on HEAD request if
- autoindex was used.
- Thanks to Arkadiusz Patyk.
-
-
-Changes with nginx 0.6.12 21 Sep 2007
-
- *) Change: mail proxy was split on three modules: pop3, imap and smtp.
-
- *) Feature: the --without-mail_pop3_module, --without-mail_imap_module,
- and --without-mail_smtp_module configuration parameters.
-
- *) Feature: the "smtp_greeting_delay" and "smtp_client_buffer"
- directives of the ngx_mail_smtp_module.
-
- *) Bugfix: the trailing wildcards did not work; the bug had appeared in
- 0.6.9.
-
- *) Bugfix: nginx could not start on Solaris if the shared PCRE library
- located in non-standard place was used.
-
- *) Bugfix: the "proxy_hide_header" and "fastcgi_hide_header" directives
- did not hide response header lines whose name was longer than 32
- characters.
- Thanks to Manlio Perillo.
-
-
-Changes with nginx 0.6.11 11 Sep 2007
-
- *) Bugfix: active connection counter always increased if mail proxy was
- used.
-
- *) Bugfix: if backend returned response header only using non-buffered
- proxy, then nginx closed backend connection on timeout.
-
- *) Bugfix: nginx did not support several "Connection" request header
- lines.
-
- *) Bugfix: if the "max_fails" was set for upstream server, then after
- first failure server weight was always one; the bug had appeared in
- 0.6.6.
-
-
-Changes with nginx 0.6.10 03 Sep 2007
-
- *) Feature: the "open_file_cache", "open_file_cache_retest", and
- "open_file_cache_errors" directives.
-
- *) Bugfix: socket leak; the bug had appeared in 0.6.7.
-
- *) Bugfix: a charset set by the "charset" directive was not appended to
- the "Content-Type" header set by $r->send_http_header().
-
- *) Bugfix: a segmentation fault might occur in worker process if
- /dev/poll method was used.
-
-
-Changes with nginx 0.6.9 28 Aug 2007
-
- *) Bugfix: a worker process may got caught in an endless loop, if the
- HTTPS protocol was used; the bug had appeared in 0.6.7.
-
- *) Bugfix: if server listened on two addresses or ports and trailing
- wildcard was used, then nginx did not run.
-
- *) Bugfix: the "ip_hash" directive might incorrectly mark servers as
- down.
-
- *) Bugfix: nginx could not be built on amd64; the bug had appeared in
- 0.6.8.
-
-
-Changes with nginx 0.6.8 20 Aug 2007
-
- *) Change: now nginx tries to set the "worker_priority",
- "worker_rlimit_nofile", "worker_rlimit_core", and
- "worker_rlimit_sigpending" without super-user privileges.
-
- *) Change: now nginx escapes space and "%" in request to a mail proxy
- authentication server.
-
- *) Change: now nginx escapes "%" in $memcached_key variable.
-
- *) Bugfix: nginx used path relative to configuration prefix for
- non-absolute configuration file path specified in the "-c" key; the
- bug had appeared in 0.6.6.
-
- *) Bugfix: nginx did not work on FreeBSD/sparc64.
-
-
-Changes with nginx 0.6.7 15 Aug 2007
-
- *) Change: now the paths specified in the "include",
- "auth_basic_user_file", "perl_modules", "ssl_certificate",
- "ssl_certificate_key", and "ssl_client_certificate" directives are
- relative to directory of nginx configuration file nginx.conf, but not
- to nginx prefix directory.
-
- *) Change: the --sysconfdir=PATH option in configure was canceled.
-
- *) Change: the special make target "upgrade1" was defined for online
- upgrade of 0.1.x versions.
-
- *) Feature: the "server_name" and "valid_referers" directives support
- regular expressions.
-
- *) Feature: the "server" directive in the "upstream" context supports
- the "backup" parameter.
-
- *) Feature: the ngx_http_perl_module supports the
- $r->discard_request_body.
-
- *) Feature: the "add_header Last-Modified ..." directive changes the
- "Last-Modified" response header line.
-
- *) Bugfix: if a response different than 200 was returned to a request
- with body and connection went to the keep-alive state after the
- request, then nginx returned 400 for the next request.
-
- *) Bugfix: a segmentation fault occurred in worker process if invalid
- address was set in the "auth_http" directive.
-
- *) Bugfix: now nginx uses default listen backlog value 511 on all
- platforms except FreeBSD.
- Thanks to Jiang Hong.
-
- *) Bugfix: a worker process may got caught in an endless loop, if a
- "server" inside "upstream" block was marked as "down"; the bug had
- appeared in 0.6.6.
-
- *) Bugfix: now Solaris sendfilev() is not used to transfer the client
- request body to FastCGI-server via the unix domain socket.
-
-
-Changes with nginx 0.6.6 30 Jul 2007
-
- *) Feature: the --sysconfdir=PATH option in configure.
-
- *) Feature: named locations.
-
- *) Feature: the $args variable can be set with the "set" directive.
-
- *) Feature: the $is_args variable.
-
- *) Bugfix: fair big weight upstream balancer.
-
- *) Bugfix: if a client has closed connection to mail proxy then nginx
- might not close connection to backend.
-
- *) Bugfix: if the same host without specified port was used as backend
- for HTTP and HTTPS, then nginx used only one port - 80 or 443.
-
- *) Bugfix: fix building on Solaris/amd64 by Sun Studio 11 and early
- versions; the bug had appeared in 0.6.4.
-
-
-Changes with nginx 0.6.5 23 Jul 2007
-
- *) Feature: $nginx_version variable.
- Thanks to Nick S. Grechukh.
-
- *) Feature: the mail proxy supports AUTHENTICATE in IMAP mode.
- Thanks to Maxim Dounin.
-
- *) Feature: the mail proxy supports STARTTLS in SMTP mode.
- Thanks to Maxim Dounin.
-
- *) Bugfix: now nginx escapes space in $memcached_key variable.
-
- *) Bugfix: nginx was incorrectly built by Sun Studio on Solaris/amd64.
- Thanks to Jiang Hong.
-
- *) Bugfix: of minor potential bugs.
- Thanks to Coverity's Scan.
-
-
-Changes with nginx 0.6.4 17 Jul 2007
-
- *) Security: the "msie_refresh" directive allowed XSS.
- Thanks to Maxim Boguk.
-
- *) Change: the "proxy_store" and "fastcgi_store" directives were
- changed.
-
- *) Feature: the "proxy_store_access" and "fastcgi_store_access"
- directives.
-
- *) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun
- Studio.
- Thanks to Andrei Nigmatulin.
-
- *) Workaround: for Sun Studio 12.
- Thanks to Jiang Hong.
-
-
-Changes with nginx 0.6.3 12 Jul 2007
-
- *) Feature: the "proxy_store" and "fastcgi_store" directives.
-
- *) Bugfix: a segmentation fault might occur in worker process if the
- "auth_http_header" directive was used.
- Thanks to Maxim Dounin.
-
- *) Bugfix: a segmentation fault occurred in worker process if the
- CRAM-MD5 authentication method was used, but it was not enabled.
-
- *) Bugfix: a segmentation fault might occur in worker process when the
- HTTPS protocol was used in the "proxy_pass" directive.
-
- *) Bugfix: a segmentation fault might occur in worker process if the
- eventport method was used.
-
- *) Bugfix: the "proxy_ignore_client_abort" and
- "fastcgi_ignore_client_abort" directives did not work; the bug had
- appeared in 0.5.13.
-
-
-Changes with nginx 0.6.2 09 Jul 2007
-
- *) Bugfix: if the FastCGI header was split in records, then nginx passed
- garbage in the header to a client.
-
-
-Changes with nginx 0.6.1 17 Jun 2007
-
- *) Bugfix: in SSI parsing.
-
- *) Bugfix: if remote SSI subrequest was used, then posterior local file
- subrequest might transferred to client in wrong order.
-
- *) Bugfix: large SSI inclusions buffered in temporary files were
- truncated.
-
- *) Bugfix: the perl $$ variable value in ngx_http_perl_module was equal
- to the master process identification number.
-
-
-Changes with nginx 0.6.0 14 Jun 2007
-
- *) Feature: the "server_name", "map", and "valid_referers" directives
- support the "www.example.*" wildcards.
-
-
-Changes with nginx 0.5.25 11 Jun 2007
-
- *) Bugfix: nginx could not be built with the
- --without-http_rewrite_module parameter; the bug had appeared in
- 0.5.24.
-
-
-Changes with nginx 0.5.24 06 Jun 2007
-
- *) Security: the "ssl_verify_client" directive did not work if request
- was made using HTTP/0.9.
-
- *) Bugfix: a part of response body might be passed uncompressed if gzip
- was used; the bug had appeared in 0.5.23.
-
-
-Changes with nginx 0.5.23 04 Jun 2007
-
- *) Feature: the ngx_http_ssl_module supports Server Name Indication TLS
- extension.
-
- *) Feature: the "fastcgi_catch_stderr" directive.
- Thanks to Nick S. Grechukh, OWOX project.
-
- *) Bugfix: a segmentation fault occurred in master process if two
- virtual servers should bind() to the overlapping ports.
-
- *) Bugfix: if nginx was built with ngx_http_perl_module and perl
- supported threads, then during second reconfiguration the error
- messages "panic: MUTEX_LOCK" and "perl_parse() failed" were issued.
-
- *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.
-
-
-Changes with nginx 0.5.22 29 May 2007
-
- *) Bugfix: a big request body might not be passed to backend; the bug
- had appeared in 0.5.21.
-
-
-Changes with nginx 0.5.21 28 May 2007
-
- *) Bugfix: if server has more than about ten locations, then regex
- locations might be chosen not in that order as they were specified.
-
- *) Bugfix: a worker process may got caught in an endless loop on 64-bit
- platform, if the 33-rd or next in succession backend has failed.
- Thanks to Anton Povarov.
-
- *) Bugfix: a bus error might occur on Solaris/sparc64 if the PCRE
- library was used.
- Thanks to Andrei Nigmatulin.
-
- *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.
-
-
-Changes with nginx 0.5.20 07 May 2007
-
- *) Feature: the "sendfile_max_chunk" directive.
-
- *) Feature: the "$http_...", "$sent_http_...", and "$upstream_http_..."
- variables may be changed using the "set" directive.
-
- *) Bugfix: a segmentation fault might occur in worker process if the SSI
- command 'if expr="$var = /"' was used.
-
- *) Bugfix: trailing boundary of multipart range response was transferred
- incorrectly.
- Thanks to Evan Miller.
-
- *) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun
- Studio.
- Thanks to Andrei Nigmatulin.
-
- *) Bugfix: the ngx_http_perl_module could not be built by Solaris make.
- Thanks to Andrei Nigmatulin.
-
-
-Changes with nginx 0.5.19 24 Apr 2007
-
- *) Change: now the $request_time variable has millisecond precision.
-
- *) Change: the method $r->rflush of ngx_http_perl_module was renamed to
- the $r->flush.
-
- *) Feature: the $upstream_addr variable.
-
- *) Feature: the "proxy_headers_hash_max_size" and
- "proxy_headers_hash_bucket_size" directives.
- Thanks to Volodymyr Kostyrko.
-
- *) Bugfix: the files more than 2G could not be transferred using
- sendfile and limit_rate on 64-bit platforms.
-
- *) Bugfix: the files more than 2G could not be transferred using
- sendfile on 64-bit Linux.
-
-
-Changes with nginx 0.5.18 19 Apr 2007
-
- *) Feature: the ngx_http_sub_filter_module.
-
- *) Feature: the "$upstream_http_..." variables.
-
- *) Feature: now the $upstream_status and $upstream_response_time
- variables keep data about all upstreams before X-Accel-Redirect.
-
- *) Bugfix: a segmentation fault occurred in master process after first
- reconfiguration and receiving any signal if nginx was built with
- ngx_http_perl_module and perl did not support multiplicity; the bug
- had appeared in 0.5.9.
-
- *) Bugfix: if perl did not support multiplicity, then after
- reconfiguration perl code did not work; the bug had appeared in
- 0.3.38.
-
-
-Changes with nginx 0.5.17 02 Apr 2007
-
- *) Change: now nginx always returns the 405 status for the TRACE method.
-
- *) Feature: now nginx supports the "include" directive inside the
- "types" block.
-
- *) Bugfix: the $document_root variable usage in the "root" and "alias"
- directives is disabled: this caused recursive stack overflow.
-
- *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.
-
- *) Bugfix: in some cases non-cacheable variables (such as $uri variable)
- returned old cached value.
-
-
-Changes with nginx 0.5.16 26 Mar 2007
-
- *) Bugfix: the C-class network was not used as hash key in the "ip_hash"
- directive.
- Thanks to Pavel Yarkovoy.
-
- *) Bugfix: a segmentation fault might occur in worker process if a
- charset was set in the "Content-Type" header line and the line has
- trailing ";"; the bug had appeared in 0.3.50.
-
- *) Bugfix: the "[alert] zero size buf" error when FastCGI server was
- used and a request body written in a temporary file was multiple of
- 32K.
-
- *) Bugfix: nginx could not be built on Solaris without the --with-debug
- option; the bug had appeared in 0.5.15.
-
-
-Changes with nginx 0.5.15 19 Mar 2007
-
- *) Feature: the mail proxy supports authenticated SMTP proxying and the
- "smtp_auth", "smtp_capabilities", and "xclient" directives.
- Thanks to Anton Yuzhaninov and Maxim Dounin.
-
- *) Feature: now the keep-alive connections are closed just after
- receiving the reconfiguration signal.
-
- *) Change: the "imap" and "auth" directives were renamed to the "mail"
- and "pop3_auth" directives.
-
- *) Bugfix: a segmentation fault occurred in worker process if the
- CRAM-MD5 authentication method was used and the APOP method was
- disabled.
-
- *) Bugfix: if the "starttls only" directive was used in POP3 protocol,
- then nginx allowed authentication without switching to the SSL mode.
-
- *) Bugfix: worker processes did not exit after reconfiguration and did
- not rotate logs if the eventport method was used.
-
- *) Bugfix: a worker process may got caught in an endless loop, if the
- "ip_hash" directive was used.
-
- *) Bugfix: now nginx does not log some alerts if eventport or /dev/poll
- methods are used.
-
-
-Changes with nginx 0.5.14 23 Feb 2007
-
- *) Bugfix: nginx ignored superfluous closing "}" in the end of
- configuration file.
-
-
-Changes with nginx 0.5.13 19 Feb 2007
-
- *) Feature: the COPY and MOVE methods.
-
- *) Bugfix: the ngx_http_realip_module set garbage for requests passed
- via keep-alive connection.
-
- *) Bugfix: nginx did not work on big-endian 64-bit Linux.
- Thanks to Andrei Nigmatulin.
-
- *) Bugfix: now when IMAP/POP3 proxy receives too long command it closes
- the connection right away, but not after timeout.
-
- *) Bugfix: if the "epoll" method was used and a client closed a
- connection prematurely, then nginx closed the connection after a send
- timeout only.
-
- *) Bugfix: nginx could not be built on platforms different from i386,
- amd64, sparc, and ppc; the bug had appeared in 0.5.8.
-
-
-Changes with nginx 0.5.12 12 Feb 2007
-
- *) Bugfix: nginx could not be built on platforms different from i386,
- amd64, sparc, and ppc; the bug had appeared in 0.5.8.
-
- *) Bugfix: a segmentation fault might occur in worker process if the
- temporary files were used while working with FastCGI server; the bug
- had appeared in 0.5.8.
-
- *) Bugfix: a segmentation fault might occur in worker process if the
- $fastcgi_script_name variable was logged.
-
- *) Bugfix: ngx_http_perl_module could not be built on Solaris.
-
-
-Changes with nginx 0.5.11 05 Feb 2007
-
- *) Feature: now configure detects system PCRE library in MacPorts.
- Thanks to Chris McGrath.
-
- *) Bugfix: the response was incorrect if several ranges were requested;
- the bug had appeared in 0.5.6.
-
- *) Bugfix: the "create_full_put_path" directive could not create the
- intermediate directories if no "dav_access" directive was set.
- Thanks to Evan Miller.
-
- *) Bugfix: the "0" response code might be logged in the access_log
- instead of the "400" and "408" error codes.
-
- *) Bugfix: a segmentation fault might occur in worker process if nginx
- was built with -O2 optimization.
-
-
-Changes with nginx 0.5.10 26 Jan 2007
-
- *) Bugfix: while online executable file upgrade the new master process
- did not inherit the listening sockets; the bug had appeared in 0.5.9.
-
- *) Bugfix: a segmentation fault might occur in worker process if nginx
- was built with -O2 optimization; the bug had appeared in 0.5.1.
-
-
-Changes with nginx 0.5.9 25 Jan 2007
-
- *) Change: now the ngx_http_memcached_module uses the $memcached_key
- variable value as a key.
-
- *) Feature: the $memcached_key variable.
-
- *) Feature: the "clean" parameter in the "client_body_in_file_only"
- directive.
-
- *) Feature: the "env" directive.
-
- *) Feature: the "sendfile" directive is available inside the "if" block.
-
- *) Feature: now on failure of the writing to access nginx logs a message
- to error_log, but not more often than once a minute.
-
- *) Bugfix: the "access_log off" directive did not always turn off the
- logging.
-
-
-Changes with nginx 0.5.8 19 Jan 2007
-
- *) Bugfix: a segmentation fault might occur if
- "client_body_in_file_only on" was used and a request body was small.
-
- *) Bugfix: a segmentation fault occurred if
- "client_body_in_file_only on" and "proxy_pass_request_body off" or
- "fastcgi_pass_request_body off" directives were used, and nginx
- switched to a next upstream.
-
- *) Bugfix: if the "proxy_buffering off" directive was used and a client
- connection was non-active, then the connection was closed after send
- timeout; the bug had appeared in 0.4.7.
-
- *) Bugfix: if the "epoll" method was used and a client closed a
- connection prematurely, then nginx closed the connection after a send
- timeout only.
-
- *) Bugfix: the "[alert] zero size buf" error when FastCGI server was
- used.
-
- *) Bugfixes in the "limit_zone" directive.
-
-
-Changes with nginx 0.5.7 15 Jan 2007
-
- *) Feature: the ssl_session_cache storage optimization.
-
- *) Bugfixes in the "ssl_session_cache" and "limit_zone" directives.
-
- *) Bugfix: the segmentation fault was occurred on start or while
- reconfiguration if the "ssl_session_cache" or "limit_zone" directives
- were used on 64-bit platforms.
-
- *) Bugfix: a segmentation fault occurred if the "add_before_body" or
- "add_after_body" directives were used and there was no "Content-Type"
- header line in response.
-
- *) Bugfix: the OpenSSL library was always built with the threads
- support.
- Thanks to Den Ivanov.
-
- *) Bugfix: the PCRE-6.5+ library and the icc compiler compatibility.
-
-
-Changes with nginx 0.5.6 09 Jan 2007
-
- *) Change: now the ngx_http_index_module ignores all methods except the
- GET, HEAD, and POST methods.
-
- *) Feature: the ngx_http_limit_zone_module.
-
- *) Feature: the $binary_remote_addr variable.
-
- *) Feature: the "ssl_session_cache" directives of the
- ngx_http_ssl_module and ngx_imap_ssl_module.
-
- *) Feature: the DELETE method supports recursive removal.
-
- *) Bugfix: the byte-ranges were transferred incorrectly if the
- $r->sendfile() was used.
-
-
-Changes with nginx 0.5.5 24 Dec 2006
-
- *) Change: the -v switch does not show compiler information any more.
-
- *) Feature: the -V switch.
-
- *) Feature: the "worker_rlimit_core" directive supports size in K, M,
- and G.
-
- *) Bugfix: the nginx.pm module now could be installed by an unprivileged
- user.
-
- *) Bugfix: a segmentation fault might occur if the $r->request_body or
- $r->request_body_file methods were used.
-
- *) Bugfix: the ppc platform specific bugs.
-
-
-Changes with nginx 0.5.4 15 Dec 2006
-
- *) Feature: the "perl" directive may be used inside the "limit_except"
- block.
-
- *) Bugfix: the ngx_http_dav_module required the "Date" request header
- line for the DELETE method.
-
- *) Bugfix: if one only parameter was used in the "dav_access" directive,
- then nginx might report about configuration error.
-
- *) Bugfix: a segmentation fault might occur if the $host variable was
- used; the bug had appeared in 0.4.14.
-
-
-Changes with nginx 0.5.3 13 Dec 2006
-
- *) Feature: the ngx_http_perl_module supports the $r->status,
- $r->log_error, and $r->sleep methods.
-
- *) Feature: the $r->variable method supports variables that do not exist
- in nginx configuration.
-
- *) Bugfix: the $r->has_request_body method did not work.
-
-
-Changes with nginx 0.5.2 11 Dec 2006
-
- *) Bugfix: if the "proxy_pass" directive used the name of the "upstream"
- block, then nginx tried to resolve the name; the bug had appeared in
- 0.5.1.
-
-
-Changes with nginx 0.5.1 11 Dec 2006
-
- *) Bugfix: the "post_action" directive might not run after a
- unsuccessful completion of a request.
-
- *) Workaround: for Eudora for Mac; the bug had appeared in 0.4.11.
- Thanks to Bron Gondwana.
-
- *) Bugfix: if the "upstream" name was used in the "fastcgi_pass", then
- the message "no port in upstream" was issued; the bug had appeared in
- 0.5.0.
-
- *) Bugfix: if the "proxy_pass" and "fastcgi_pass" directives used the
- same servers but different ports, then these directives uses the
- first described port; the bug had appeared in 0.5.0.
-
- *) Bugfix: if the "proxy_pass" and "fastcgi_pass" directives used the
- unix domain sockets, then these directives used first described
- socket; the bug had appeared in 0.5.0.
-
- *) Bugfix: ngx_http_auth_basic_module ignored the user if it was in the
- last line in the password file and there was no the carriage return,
- the line feed, or the ":" symbol after the password.
-
- *) Bugfix: the $upstream_response_time variable might be equal to
- "0.000", although response time was more than 1 millisecond.
-
-
-Changes with nginx 0.5.0 04 Dec 2006
-
- *) Change: the parameters in the "%name" form in the "log_format"
- directive are not supported anymore.
-
- *) Change: the "proxy_upstream_max_fails",
- "proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails",
- "fastcgi_upstream_fail_timeout", "memcached_upstream_max_fails", and
- "memcached_upstream_fail_timeout" directives are not supported
- anymore.
-
- *) Feature: the "server" directive in the "upstream" context supports
- the "max_fails", "fail_timeout", and "down" parameters.
-
- *) Feature: the "ip_hash" directive inside the "upstream" block.
-
- *) Feature: the WAIT status in the "Auth-Status" header line of the
- IMAP/POP3 proxy authentication server response.
-
- *) Bugfix: nginx could not be built on 64-bit platforms; the bug had
- appeared in 0.4.14.
-
-
-Changes with nginx 0.4.14 27 Nov 2006
-
- *) Feature: the "proxy_pass_error_message" directive in IMAP/POP3 proxy.
-
- *) Feature: now configure detects system PCRE library on FreeBSD, Linux,
- and NetBSD.
-
- *) Bugfix: ngx_http_perl_module did not work with perl built with the
- threads support; the bug had appeared in 0.3.38.
-
- *) Bugfix: ngx_http_perl_module did not work if perl was called
- recursively.
-
- *) Bugfix: nginx ignored a host name in a request line.
-
- *) Bugfix: a worker process may got caught in an endless loop, if a
- FastCGI server sent too many data to the stderr.
-
- *) Bugfix: the $upstream_response_time variable may be negative if the
- system time was changed backward.
-
- *) Bugfix: the "Auth-Login-Attempt" parameter was not sent to IMAP/POP3
- proxy authentication server when POP3 was used.
-
- *) Bugfix: a segmentation fault might occur if connect to IMAP/POP3
- proxy authentication server failed.
-
-
-Changes with nginx 0.4.13 15 Nov 2006
-
- *) Feature: the "proxy_pass" directive may be used inside the
- "limit_except" block.
-
- *) Feature: the "limit_except" directive supports all WebDAV methods.
-
- *) Bugfix: if the "add_before_body" directive was used without the
- "add_after_body" directive, then a response did not transferred
- complete.
-
- *) Bugfix: a large request body did not receive if the epoll method and
- the deferred accept() were used.
-
- *) Bugfix: a charset could not be set for ngx_http_autoindex_module
- responses; the bug had appeared in 0.3.50.
-
- *) Bugfix: the "[alert] zero size buf" error when FastCGI server was
- used;
-
- *) Bugfix: the --group= configuration parameter was ignored.
- Thanks to Thomas Moschny.
-
- *) Bugfix: the 50th subrequest in SSI response did not work; the bug had
- appeared in 0.3.50.
-
-
-Changes with nginx 0.4.12 31 Oct 2006
-
- *) Feature: the ngx_http_perl_module supports the $r->variable method.
-
- *) Bugfix: if a big static file was included using SSI in a response,
- then the response may be transferred incomplete.
-
- *) Bugfix: nginx did not omit the "#fragment" part in URI.
-
-
-Changes with nginx 0.4.11 25 Oct 2006
-
- *) Feature: the POP3 proxy supports the AUTH LOGIN PLAIN and CRAM-MD5.
-
- *) Feature: the ngx_http_perl_module supports the $r->allow_ranges
- method.
-
- *) Bugfix: if the APOP was enabled in the POP3 proxy, then the USER/PASS
- commands might not work; the bug had appeared in 0.4.10.
-
-
-Changes with nginx 0.4.10 23 Oct 2006
-
- *) Feature: the POP3 proxy supports the APOP command.
-
- *) Bugfix: if the select, poll or /dev/poll methods were used, then
- while waiting authentication server response the IMAP/POP3 proxy
- hogged CPU.
-
- *) Bugfix: a segmentation fault might occur if the $server_addr variable
- was used in the "map" directive.
-
- *) Bugfix: the ngx_http_flv_module did not support the byte ranges for
- full responses; the bug had appeared in 0.4.7.
-
- *) Bugfix: nginx could not be built on Debian amd64; the bug had
- appeared in 0.4.9.
-
-
-Changes with nginx 0.4.9 13 Oct 2006
-
- *) Feature: the "set" parameter in the "include" SSI command.
-
- *) Feature: the ngx_http_perl_module now tests the nginx.pm module
- version.
-
-
-Changes with nginx 0.4.8 11 Oct 2006
-
- *) Bugfix: if an "include" SSI command were before another "include" SSI
- command with a "wait" parameter, then the "wait" parameter might not
- work.
-
- *) Bugfix: the ngx_http_flv_module added the FLV header to the full
- responses.
- Thanks to Alexey Kovyrin.
-
-
-Changes with nginx 0.4.7 10 Oct 2006
-
- *) Feature: the ngx_http_flv_module.
-
- *) Feature: the $request_body_file variable.
-
- *) Feature: the "charset" and "source_charset" directives support the
- variables.
-
- *) Bugfix: if an "include" SSI command were before another "include" SSI
- command with a "wait" parameter, then the "wait" parameter might not
- work.
-
- *) Bugfix: if the "proxy_buffering off" directive was used or while
- working with memcached the connections might not be closed on
- timeout.
-
- *) Bugfix: nginx did not run on 64-bit platforms except amd64, sparc64,
- and ppc64.
-
-
-Changes with nginx 0.4.6 06 Oct 2006
-
- *) Bugfix: nginx did not run on 64-bit platforms except amd64, sparc64,
- and ppc64.
-
- *) Bugfix: nginx sent the chunked response for HTTP/1.1 request,
- if its length was set by text string in the
- $r->headers_out("Content-Length", ...) method.
-
- *) Bugfix: after redirecting error by an "error_page" directive any
- ngx_http_rewrite_module directive returned this error code; the bug
- had appeared in 0.4.4.
-
-
-Changes with nginx 0.4.5 02 Oct 2006
-
- *) Bugfix: nginx could not be built on Linux and Solaris; the bug had
- appeared in 0.4.4.
-
-
-Changes with nginx 0.4.4 02 Oct 2006
-
- *) Feature: the $scheme variable.
-
- *) Feature: the "expires" directive supports the "max" parameter.
-
- *) Feature: the "include" directive supports the "*" mask.
- Thanks to Jonathan Dance.
-
- *) Bugfix: the "return" directive always overrode the "error_page"
- response code redirected by the "error_page" directive.
-
- *) Bugfix: a segmentation fault occurred if zero-length body was in PUT
- method.
-
- *) Bugfix: the redirect was changed incorrectly if the variables were
- used in the "proxy_redirect" directive.
-
-
-Changes with nginx 0.4.3 26 Sep 2006
-
- *) Change: now the 499 error could not be redirected using an
- "error_page" directive.
-
- *) Feature: the Solaris 10 event ports support.
-
- *) Feature: the ngx_http_browser_module.
-
- *) Bugfix: a segmentation fault may occur while redirecting the 400
- error to the proxied server using a "proxy_pass" directive.
-
- *) Bugfix: a segmentation fault occurred if an unix domain socket was
- used in a "proxy_pass" directive; the bug had appeared in 0.3.47.
-
- *) Bugfix: SSI did work with memcached and nonbuffered responses.
-
- *) Workaround: of the Sun Studio PAUSE hardware capability bug.
-
-
-Changes with nginx 0.4.2 14 Sep 2006
-
- *) Bugfix: the O_NOATIME flag support on Linux was canceled; the bug had
- appeared in 0.4.1.
-
-
-Changes with nginx 0.4.1 14 Sep 2006
-
- *) Bugfix: the DragonFlyBSD compatibility.
- Thanks to Pavel Nazarov.
-
- *) Workaround: of bug in 64-bit Linux sendfile(), when file is more than
- 2G.
-
- *) Feature: now on Linux nginx uses O_NOATIME flag for static requests.
- Thanks to Yusuf Goolamabbas.
-
-
-Changes with nginx 0.4.0 30 Aug 2006
-
- *) Change in internal API: the HTTP modules initialization was moved
- from the init module phase to the HTTP postconfiguration phase.
-
- *) Change: now the request body is not read beforehand for the
- ngx_http_perl_module: it's required to start the reading using the
- $r->has_request_body method.
-
- *) Feature: the ngx_http_perl_module supports the DECLINED return code.
-
- *) Feature: the ngx_http_dav_module supports the incoming "Date" header
- line for the PUT method.
-
- *) Feature: the "ssi" directive is available inside the "if" block.
-
- *) Bugfix: a segmentation fault occurred if there was an "index"
- directive with variables and the first index name was without
- variables; the bug had appeared in 0.1.29.
-
-
-Changes with nginx 0.3.61 28 Aug 2006
-
- *) Change: now the "tcp_nodelay" directive is turned on by default.
-
- *) Feature: the "msie_refresh" directive.
-
- *) Feature: the "recursive_error_pages" directive.
-
- *) Bugfix: the "rewrite" directive returned incorrect redirect, if the
- redirect had the captured escaped symbols from original URI.
-
-
-Changes with nginx 0.3.60 18 Aug 2006
-
- *) Bugfix: a worker process may got caught in an endless loop while an
- error redirection; the bug had appeared in 0.3.59.
-
-
-Changes with nginx 0.3.59 16 Aug 2006
-
- *) Feature: now is possible to do several redirection using the
- "error_page" directive.
-
- *) Bugfix: the "dav_access" directive did not support three parameters.
-
- *) Bugfix: the "error_page" directive did not changes the "Content-Type"
- header line after the "X-Accel-Redirect" was used; the bug had
- appeared in 0.3.58.
-
-
-Changes with nginx 0.3.58 14 Aug 2006
-
- *) Feature: the "error_page" directive supports the variables.
-
- *) Change: now the procfs interface instead of sysctl is used on Linux.
-
- *) Change: now the "Content-Type" header line is inherited from first
- response when the "X-Accel-Redirect" was used.
-
- *) Bugfix: the "error_page" directive did not redirect the 413 error.
-
- *) Bugfix: the trailing "?" did not remove old arguments if no new
- arguments were added to a rewritten URI.
-
- *) Bugfix: nginx could not run on 64-bit FreeBSD 7.0-CURRENT.
-
-
-Changes with nginx 0.3.57 09 Aug 2006
-
- *) Feature: the $ssl_client_serial variable.
-
- *) Bugfix: in the "!-e" operator of the "if" directive.
- Thanks to Andrian Budanstov.
-
- *) Bugfix: while a client certificate verification nginx did not send to
- a client the required certificates information.
-
- *) Bugfix: the $document_root variable did not support the variables in
- the "root" directive.
-
-
-Changes with nginx 0.3.56 04 Aug 2006
-
- *) Feature: the "dav_access" directive.
-
- *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
- "-x", and "!-x" operators.
-
- *) Bugfix: a segmentation fault occurred if a request returned a
- redirect and some sent to client header lines were logged in the
- access log.
-
-
-Changes with nginx 0.3.55 28 Jul 2006
-
- *) Feature: the "stub" parameter in the "include" SSI command.
-
- *) Feature: the "block" SSI command.
-
- *) Feature: the unicode2nginx script was added to contrib.
-
- *) Bugfix: if a "root" was specified by variable only, then the root was
- relative to a server prefix.
-
- *) Bugfix: if the request contained "//" or "/./" and escaped symbols
- after them, then the proxied request was sent unescaped.
-
- *) Bugfix: the $r->header_in("Cookie") of the ngx_http_perl_module now
- returns all "Cookie" header lines.
-
- *) Bugfix: a segmentation fault occurred if
- "client_body_in_file_only on" was used and nginx switched to a next
- upstream.
-
- *) Bugfix: on some condition while reconfiguration character codes
- inside the "charset_map" may be treated invalid; the bug had appeared
- in 0.3.50.
-
-
-Changes with nginx 0.3.54 11 Jul 2006
-
- *) Feature: nginx now logs the subrequest information to the error log.
-
- *) Feature: the "proxy_next_upstream", "fastcgi_next_upstream", and
- "memcached_next_upstream" directives support the "off" parameter.
-
- *) Feature: the "debug_connection" directive supports the CIDR address
- form.
-
- *) Bugfix: if a response of proxied server or FastCGI server was
- converted from UTF-8 or back, then it may be transferred incomplete.
-
- *) Bugfix: the $upstream_response_time variable had the time of the
- first request to a backend only.
-
- *) Bugfix: nginx could not be built on amd64 platform; the bug had
- appeared in 0.3.53.
-
-
-Changes with nginx 0.3.53 07 Jul 2006
-
- *) Change: the "add_header" directive adds the string to 204, 301, and
- 302 responses.
-
- *) Feature: the "server" directive in the "upstream" context supports
- the "weight" parameter.
-
- *) Feature: the "server_name" directive supports the "*" wildcard.
-
- *) Feature: nginx supports the request body size more than 2G.
-
- *) Bugfix: if a client was successfully authorized using "satisfy_any
- on", then anyway the message "access forbidden by rule" was written
- in the log.
-
- *) Bugfix: the "PUT" method may erroneously not create a file and return
- the 409 code.
-
- *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx
- continued proxying anyway.
-
-
-Changes with nginx 0.3.52 03 Jul 2006
-
- *) Change: the ngx_http_index_module behavior for the "POST /" requests
- is reverted to the 0.3.40 version state: the module now does not
- return the 405 error.
-
- *) Bugfix: the worker process may got caught in an endless loop if the
- limit rate was used; the bug had appeared in 0.3.37.
-
- *) Bugfix: ngx_http_charset_module logged "unknown charset" alert, even
- if the recoding was not needed; the bug had appeared in 0.3.50.
-
- *) Bugfix: if a code response of the PUT request was 409, then a
- temporary file was not removed.
-
-
-Changes with nginx 0.3.51 30 Jun 2006
-
- *) Bugfix: the "<" symbols might disappeared some conditions in the SSI;
- the bug had appeared in 0.3.50.
-
-
-Changes with nginx 0.3.50 28 Jun 2006
-
- *) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors"
- directives was renamed to the "proxy_intercept_errors" and
- "fastcgi_intercept_errors" directives.
-
- *) Feature: the ngx_http_charset_module supports the recoding from the
- single byte encodings to the UTF-8 encoding and back.
-
- *) Feature: the "X-Accel-Charset" response header line is supported in
- proxy and FastCGI mode.
-
- *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI
- command was removed only if the command also has the "$" symbol.
-
- *) Bugfix: the "
+
+
+
+если в ответе проксированного сервера или FastCGI сервера была строка
+"Cache-Control", то при использовании директивы expires происходил
+segmentation fault или рабочий процесс мог зациклится;
+в режиме прокси ошибка появилась в 0.1.29.
+
+
+the segmentation fault occurred or the worker process may got caught
+in an endless loop if the proxied or FastCGI server sent the "Cache-Control"
+header line and the "expires" directive was used;
+in the proxied mode the bug had appeared in 0.1.29.
+
+
+
+
+
+
+
+
+
+
+если URI запроса получался нулевой длины после обработки модулем
+ngx_http_rewrite_module, то в модуле ngx_http_proxy_module происходил
+segmentation fault или bus error.
+
+
+if the request URI had a zero length after the processing in
+the ngx_http_proxy_module, then the segmentation fault or bus error occurred
+in the ngx_http_proxy_module.
+
+
+
+
+
+директива limit_rate не работала внутри блока if;
+ошибка появилась в 0.1.38.
+
+
+the "limit_rate" directive did not work inside the "if" block;
+the bug had appeared in 0.1.38.
+
+
+
+
+
+
+
+
+
+
+если переменная использовалась в файле конфигурации,
+то она не могла использоваться в SSI.
+
+
+if the variable was used in the configuration file,
+then it can not be used in SSI.
+
+
+
+
+
+
+
+
+
+
+если клиент слал очень длинную строку заголовка, то в логе не помещалась
+информация, связанная с этим запросом.
+
+
+if a client sent too long header line, then the request information
+did not logged in the error log.
+
+
+
+
+
+при использовании "X-Accel-Redirect" не передавалась строка "Set-Cookie";
+ошибка появилась в 0.1.39.
+
+
+the "Set-Cookie" header line was not transferred when the "X-Accel-Redirect"
+was used;
+the bug had appeared in 0.1.39.
+
+
+
+
+
+при использовании "X-Accel-Redirect" не передавалась строка
+"Content-Disposition".
+
+
+the "Content-Disposition" header line was not transferred when
+the "X-Accel-Redirect" was used.
+
+
+
+
+
+по сигналу SIGQUIT основной процесс не закрывал сокеты, на которых он слушал.
+
+
+the master process did not close the listen socket on the SIGQUIT signal.
+
+
+
+
+
+после обновления исполняемого файла на лету на Linux и Solaris
+название процесса в команде ps становилось короче.
+
+
+after on-line upgrade on Linux and Solaris the process name
+became shorter in the "ps" command.
+
+
+
+
+
+
+
+
+
+
+Изменения в модуле ngx_http_charset_module:
+директива default_charset упразднена;
+директива charset задаёт кодировку ответа;
+директива source_charset задаёт только исходную кодировку.
+
+
+The changes in the ngx_http_charset_module:
+the "default_charset" directive was canceled;
+the "charset" directive sets the response charset;
+the "source_charset" directive sets the source charset only.
+
+
+
+
+
+при перенаправлении ошибки 401, полученной от бэкенда, не передавалась
+строка заголовка "WWW-Authenticate".
+
+
+the backend "WWW-Authenticate" header line did not transferred while
+the 401 response code redirecting.
+
+
+
+
+
+модули ngx_http_proxy_module и ngx_http_fastcgi_module могли закрыть
+соединение до того, как что-нибудь было передано клиенту;
+ошибка появилась в 0.1.38.
+
+
+the ngx_http_proxy_module and ngx_http_fastcgi_module may close
+a connection before anything was transferred to a client;
+the bug had appeared in 0.1.38.
+
+
+
+
+
+обработка ошибки инициализации в crypt_r() в Linux glibc.
+
+
+the Linux glibc crypt_r() initialization bug.
+
+
+
+
+
+модуль ngx_http_ssi_module не поддерживал относительные URI в
+команде include virtual.
+
+
+the ngx_http_ssi_module did not support the relative URI in
+the "include virtual" command.
+
+
+
+
+
+если в строке заголовка ответа бэкенда была строка "Location",
+которую nginx не должен был изменять, то в ответе передавалось тело 500 ошибки;
+ошибка появилась в 0.1.29.
+
+
+if the backend response had the "Location" header line and nginx
+should not rewrite this line, then the 500 code response body was transferred;
+the bug had appeared in 0.1.29.
+
+
+
+
+
+некоторые директивы модулей ngx_http_proxy_module и ngx_http_fastcgi_module
+не наследовались с уровня server на уровень location;
+ошибка появилась в 0.1.29.
+
+
+some directives of the ngx_http_proxy_module and ngx_http_fastcgi_module
+were not inherited from the server to the location level;
+the bug had appeared in 0.1.29.
+
+
+
+
+
+модуль ngx_http_ssl_module не поддерживал цепочки сертификатов.
+
+
+the ngx_http_ssl_module did not support the certificate chain.
+
+
+
+
+
+ошибка в модуле ngx_http_autoindex_module при показе длинных имён файлов;
+ошибка появилась в 0.1.38.
+
+
+the ngx_http_autoindex_module did not show correctly the long file names;
+the bug had appeared in 0.1.38.
+
+
+
+
+
+Исправления в IMAP/POP3 прокси при взаимодействии с бэкендом на стадии login.
+
+
+Bugfixes in IMAP/POP3 proxy in interaction with a backend at the login state.
+
+
+
+
+
+
+
+
+
+
+директива limit_rate поддерживается в режиме прокси и FastCGI.
+
+
+the "limit_rate" directive is supported in proxy and FastCGI mode.
+
+
+
+
+
+в режиме прокси и FastCGI поддерживается строка заголовка "X-Accel-Limit-Rate"
+в ответе бэкенда.
+
+
+the "X-Accel-Limit-Rate" response header line is supported in proxy
+and FastCGI mode.
+
+
+
+
+
+директива break.
+
+
+the "break" directive.
+
+
+
+
+
+директива log_not_found.
+
+
+the "log_not_found" directive.
+
+
+
+
+
+при перенаправлении запроса с помощью строки заголовка "X-Accel-Redirect"
+не изменялся код ответа.
+
+
+the response status code was not changed when request was redirected
+by the ""X-Accel-Redirect" header line.
+
+
+
+
+
+переменные, установленные директивой set не могли использоваться в SSI.
+
+
+the variables set by the "set" directive could not be used in SSI.
+
+
+
+
+
+при включении в SSI более одного удалённого подзапроса
+мог произойти segmentation fault.
+
+
+the segmentation fault may occurred if the SSI page has more than one
+remote subrequest.
+
+
+
+
+
+если статусная строка в ответе бэкенда передавалась в двух пакетах, то
+nginx считал ответ неверным;
+ошибка появилась в 0.1.29.
+
+
+nginx treated the backend response as invalid if the status line in the
+header was transferred in two packets;
+the bug had appeared in 0.1.29.
+
+
+
+
+
+директива ssi_types.
+
+
+the "ssi_types" directive.
+
+
+
+
+
+директива autoindex_exact_size.
+
+
+the "autoindex_exact_size" directive.
+
+
+
+
+
+модуль ngx_http_autoindex_module не поддерживал длинные имена файлов в UTF-8.
+
+
+the ngx_http_autoindex_module did not support the long file names in UTF-8.
+
+
+
+
+
+IMAP/POP3 прокси.
+
+
+the IMAP/POP3 proxy.
+
+
+
+
+
+
+
+
+
+
+в конце файла nginx.pid теперь добавляется "\n".
+
+
+now the "\n" is added to the end of the "nginx.pid" file.
+
+
+
+
+
+при включении большого количества вставок или нескольких больших вставок
+с помощью SSI ответ мог передаваться не полностью.
+
+
+the responses may be transferred not completely,
+if many parts or the big parts were included by SSI.
+
+
+
+
+
+если все бэкенды возвращали ответ 404, то при использовании параметра http_404
+в директивах proxy_next_upstream или fastcgi_next_upstream, nginx
+начинал запрашивать все бэкенды снова.
+
+
+if all backends had returned the 404 response and the "http_404" parameter of
+the "proxy_next_upstream" or "fastcgi_next_upstream" directives was used,
+then nginx started to request all backends again.
+
+
+
+
+
+
+
+
+
+
+если в заголовке запроса есть дублирующиеся строки "Host", "Connection",
+"Content-Length" и "Authorization", то nginx теперь выдаёт ошибку 400.
+
+
+if the request header has duplicate the "Host", "Connection", "Content-Length",
+or "Authorization" lines, then nginx now returns the 400 error.
+
+
+
+
+
+директива post_accept_timeout упразднена.
+
+
+the "post_accept_timeout" directive was canceled.
+
+
+
+
+
+параметры default, af=, bl=, deferred и bind в директиве listen.
+
+
+the "default", "af=", "bl=", "deferred", and "bind" parameters
+of the "listen" directive.
+
+
+
+
+
+поддержка accept фильтров во FreeBSD.
+
+
+the FreeBSD accept filters support.
+
+
+
+
+
+поддержка TCP_DEFER_ACCEPT в Linux.
+
+
+the Linux TCP_DEFER_ACCEPT support.
+
+
+
+
+
+модуль ngx_http_autoindex_module не поддерживал имена файлов в UTF-8.
+
+
+the ngx_http_autoindex_module did not support the file names in UTF-8.
+
+
+
+
+
+после добавления новый лог-файл ротация этого лога по сигналу -USR1
+выполнялась, только если переконфигурировать nginx два раза по сигналу -HUP.
+
+
+the new log file can be rotated by the -USR1 signal only if
+the reconfiguration by the -HUP signal was made twice.
+
+
+
+
+
+
+
+
+
+
+директива working_directory.
+
+
+the "working_directory" directive.
+
+
+
+
+
+директива port_in_redirect.
+
+
+the "port_in_redirect" directive.
+
+
+
+
+
+если заголовок ответа бэкенда не помещался в один пакет, то
+происходил segmentation fault;
+ошибка появилась в 0.1.29.
+
+
+the segmentation fault was occurred if the backend response header was in
+several packets;
+the bug had appeared in 0.1.29.
+
+
+
+
+
+если было сконфигурировано более 10 серверов или в сервере не описана
+директива "listen",
+то при запуске мог произойти segmentation fault.
+
+
+if more than 10 servers were configured or some server did not use the
+"listen" directive, then the segmentation fault was occurred on the start.
+
+
+
+
+
+если ответ не помещался во временный файл,
+то мог произойти segmentation fault.
+
+
+the segmentation fault might occur if the response was bigger than
+the temporary file.
+
+
+
+
+
+nginx возвращал ошибку 400 на запросы вида
+"GET http://www.domain.com/uri HTTP/1.0";
+ошибка появилась в 0.1.28.
+
+
+nginx returned the 400 response on requests like
+"GET http://www.domain.com/uri HTTP/1.0";
+the bug had appeared in 0.1.28.
+
+
+
+
+
+
+
+
+
+
+при включении больших ответов с помощью SSI рабочий процесс мог зациклиться.
+
+
+the worker process may got caught in an endless loop if the big response
+part were include by SSI.
+
+
+
+
+
+переменные, устанавливаемые директивой "set", не были доступны в SSI.
+
+
+the variables set by the "set" directive were not available in SSI.
+
+
+
+
+
+директива autoindex_localtime.
+
+
+the "autoindex_localtime" directive.
+
+
+
+
+
+пустое значение в директиве proxy_set_header запрещает передачу заголовка.
+
+
+the empty value of the "proxy_set_header" directive forbids the client
+request header line passing.
+
+
+
+
+
+
+
+
+
+
+nginx не собирался с параметром --without-pcre;
+ошибка появилась в 0.1.29.
+
+
+nginx could not be built with the --without-pcre parameter;
+the bug had appeared in 0.1.29.
+
+
+
+
+
+3, 5, 7 и 8 директив proxy_set_header на одном уровне вызывали
+bus fault при запуске.
+
+
+3, 4, 7, and 8 the "proxy_set_header" directives in one level cause
+the bus fault on start up.
+
+
+
+
+
+в редиректах внутри HTTPS сервера был указан протокол HTTP.
+
+
+the HTTP protocol was specified in the HTTPS redirects.
+
+
+
+
+
+если директива rewrite использовала выделения внутри директивы if, то
+возвращалась ошибка 500.
+
+
+if the "rewrite" directive used the captures inside the "if" directive, then
+the 500 error code was returned.
+
+
+
+
+
+
+
+
+
+
+в редиректах, выдаваемых с помощью директивы rewrite, не передавались аргументы;
+ошибка появилась в 0.1.29.
+
+
+the arguments were omitted in the redirects, issued by the "rewrite" directive;
+the bug had appeared in 0.1.29.
+
+
+
+
+
+директива if поддерживает выделения в регулярных выражениях.
+
+
+the "if" directive supports the captures in regular expressions.
+
+
+
+
+
+директива set поддерживает переменные и выделения из регулярных выражений.
+
+
+the "set" directive supports the variables and the captures of regular
+expressions.
+
+
+
+
+
+в режиме прокси и FastCGI поддерживается строка заголовка "X-Accel-Redirect"
+в ответе бэкенда.
+
+
+the "X-Accel-Redirect" response header line is supported in proxy and FastCGI
+mode.
+
+
+
+
+
+
+
+
+
+
+при использовании SSL ответ мог передаваться не до конца.
+
+
+the response encrypted by SSL may not transferred complete.
+
+
+
+
+
+ошибки при обработке SSI в ответе, полученного от FastCGI-сервера.
+
+
+errors while processing FastCGI response by SSI.
+
+
+
+
+
+ошибки при использовании SSI и сжатия.
+
+
+errors while using SSI and gzipping.
+
+
+
+
+
+редирект с кодом 301 передавался без тела ответа;
+ошибка появилась в 0.1.30.
+
+
+the redirect with the 301 code was transferred without response body;
+the bug had appeared in 0.1.30.
+
+
+
+
+
+
+
+
+
+
+при использовании SSI рабочий процесс мог зациклиться.
+
+
+the worker process may got caught in an endless loop if the SSI was used.
+
+
+
+
+
+при использовании SSL ответ мог передаваться не до конца.
+
+
+the response encrypted by SSL may not transferred complete.
+
+
+
+
+
+если длина части ответа, полученного за один раз от проксируемого или
+FastCGI сервера была равна 500 байт, то nginx возвращал код ответа 500;
+в режиме прокси ошибка появилась только в 0.1.29.
+
+
+if the length of the response part received at once from proxied
+or FastCGI server was equal to 500, then nginx returns the 500 response code;
+in proxy mode the bug had appeared in 0.1.29 only.
+
+
+
+
+
+nginx не считал неверными директивы с 8-ю или 9-ю параметрами.
+
+
+nginx did not consider the directives with 8 or 9 parameters as invalid.
+
+
+
+
+
+директива return может возвращать код ответа 204.
+
+
+the "return" directive can return the 204 response code.
+
+
+
+
+
+директива ignore_invalid_headers.
+
+
+the "ignore_invalid_headers" directive.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_ssi_module поддерживает команду include virtual.
+
+
+the ngx_http_ssi_module supports "include virtual" command.
+
+
+
+
+
+модуль ngx_http_ssi_module поддерживает условную команду вида
+'if expr="$NAME"' и команды else и endif.
+Допускается только один уровень вложенности.
+
+
+the ngx_http_ssi_module supports the condition command like
+'if expr="$NAME"' and "else" and "endif" commands.
+Only one nested level is supported.
+
+
+
+
+
+модуль ngx_http_ssi_module поддерживает две переменные DATE_LOCAL и DATE_GMT
+и команду config timefmt.
+
+
+the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables
+and "config timefmt" command.
+
+
+
+
+
+директива ssi_ignore_recycled_buffers.
+
+
+the "ssi_ignore_recycled_buffers" directive.
+
+
+
+
+
+если переменная QUERY_STRING не была определена, то в команде echo
+не ставилось значение по умолчанию.
+
+
+the "echo" command did not show the default value for the empty QUERY_STRING
+variable.
+
+
+
+
+
+модуль ngx_http_proxy_module полностью переписан.
+
+
+the ngx_http_proxy_module was rewritten.
+
+
+
+
+
+директивы proxy_redirect, proxy_pass_request_headers,
+proxy_pass_request_body и proxy_method.
+
+
+the "proxy_redirect", "proxy_pass_request_headers",
+"proxy_pass_request_body", and "proxy_method" directives.
+
+
+
+
+
+директива proxy_set_header.
+Директива proxy_x_var упразднена и должна быть заменена директивой
+proxy_set_header.
+
+
+the "proxy_set_header" directive.
+The "proxy_x_var" was canceled and must be replaced with the proxy_set_header
+directive.
+
+
+
+
+
+директива proxy_preserve_host упразднена и должна быть заменена директивами
+"proxy_set_header Host $host" и "proxy_redirect off"
+или директивой "proxy_set_header Host $host:$proxy_port"
+и соответствующими ей директивами proxy_redirect.
+
+
+the "proxy_preserve_host" is canceled and must be replaced with
+the "proxy_set_header Host $host" and the "proxy_redirect off" directives,
+the "proxy_set_header Host $host:$proxy_port" directive
+and the appropriate proxy_redirect directives.
+
+
+
+
+
+директива proxy_set_x_real_ip упразднена и должна быть заменена директивой
+"proxy_set_header X-Real-IP $remote_addr".
+
+
+the "proxy_set_x_real_ip" is canceled and must be replaced with
+the "proxy_set_header X-Real-IP $remote_addr" directive.
+
+
+
+
+
+директива proxy_add_x_forwarded_for упразднена и должна быть заменена
+директивой
+"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for".
+
+
+the "proxy_add_x_forwarded_for" is canceled and must be replaced with
+the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
+directive.
+
+
+
+
+
+директива proxy_set_x_url упразднена и должна быть заменена директивой
+"proxy_set_header X-URL http://$host:$server_port$request_uri".
+
+
+the "proxy_set_x_url" is canceled and must be replaced with
+the "proxy_set_header X-URL http://$host:$server_port$request_uri"
+directive.
+
+
+
+
+
+директива fastcgi_param.
+
+
+the "fastcgi_param" directive.
+
+
+
+
+
+директивы fastcgi_root, fastcgi_set_var и fastcgi_params упразднены
+и должны быть замены директивами fastcgi_param.
+
+
+the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive
+are canceled and must be replaced with the fastcgi_param directives.
+
+
+
+
+
+директива index может использовать переменные.
+
+
+the "index" directive can use the variables.
+
+
+
+
+
+директива index может быть указана на уровне http и server.
+
+
+the "index" directive can be used at http and server levels.
+
+
+
+
+
+только последний параметр в директиве index может быть абсолютным.
+
+
+the last index only in the "index" directive can be absolute.
+
+
+
+
+
+в директиве rewrite могут использоваться переменные.
+
+
+the "rewrite" directive can use the variables.
+
+
+
+
+
+директива internal.
+
+
+the "internal" directive.
+
+
+
+
+
+переменные CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
+SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
+REQUEST_METHOD, REQUEST_URI и REMOTE_USER.
+
+
+the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
+SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
+REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables.
+
+
+
+
+
+nginx теперь передаёт неверные строки в заголовках запроса клиента и
+ответа бэкенда.
+
+
+nginx now passes the invalid lines in a client request headers
+or a backend response header.
+
+
+
+
+
+если бэкенд долго не передавал ответ и send_timeout был меньше, чем
+proxy_read_timeout, то клиенту возвращался ответ 408.
+
+
+if the backend did not transfer response for a long time and
+the "send_timeout" was less than "proxy_read_timeout", then nginx
+returned the 408 response.
+
+
+
+
+
+если бэкенд передавал неверную строку в заголовке ответа, то происходил
+segmentation fault;
+ошибка появилась в 0.1.26.
+
+
+the segmentation fault was occurred if the backend sent an invalid line
+in response header;
+the bug had appeared in 0.1.26.
+
+
+
+
+
+при использовании отказоустойчивой конфигурации в FastCGI мог
+происходить segmentation fault.
+
+
+the segmentation fault may occurred in FastCGI fault tolerance configuration.
+
+
+
+
+
+директива expires не удаляла уже установленные строки заголовка
+"Expires" и "Cache-Control".
+
+
+the "expires" directive did not remove the previous "Expires" and
+"Cache-Control" headers.
+
+
+
+
+
+nginx не учитывал завершающую точку в строке заголовка запроса "Host".
+
+
+nginx did not take into account trailing dot in "Host" header line.
+
+
+
+
+
+модуль ngx_http_auth_module не работал на Linux.
+
+
+the ngx_http_auth_module did not work under Linux.
+
+
+
+
+
+директива rewrite неверно работала, если в запросе присутствовали аргументы.
+
+
+the rewrite directive worked incorrectly, if the arguments were in a request.
+
+
+
+
+
+nginx не собирался на MacOS X.
+
+
+nginx could not be built on MacOS X.
+
+
+
+
+
+
+
+
+
+
+при проксировании больших файлов nginx сильно нагружал процессор.
+
+
+nginx hogs CPU while proxying the huge files.
+
+
+
+
+
+nginx не собирался gcc 4.0 на Linux.
+
+
+nginx could not be built by gcc 4.0 on Linux.
+
+
+
+
+
+
+
+
+
+
+параметр blocked в директиве valid_referers.
+
+
+the "blocked" parameter of the "valid_referers" directive.
+
+
+
+
+
+ошибки обработки заголовка запроса теперь записываются на уровне
+info, в лог также записывается имя сервера и строки заголовка
+запроса "Host" и "Referer".
+
+
+the errors while handling the request header now logged at "info" level.
+The server name and the "Host" and "Referer" header lines also logged.
+
+
+
+
+
+при записи ошибок в лог записывается также строка заголовка запроса "Host".
+
+
+the "Host" header line is also logged in error log.
+
+
+
+
+
+директива proxy_pass_unparsed_uri.
+Специальная обработка символов "://" в URI, введённая в версии 0.1.11,
+теперь упразднена.
+
+
+the proxy_pass_unparsed_uri directive.
+The special handling of the "://" symbols in URI, appeared in 0.1.11 version,
+now is canceled.
+
+
+
+
+
+nginx не собирался на FreeBSD и Linux, если был указан параметр конфигурации
+--without-ngx_http_auth_basic_module.
+
+
+nginx could not be built on FreeBSD and Linux, if the
+--without-ngx_http_auth_basic_module configuration parameter was used.
+
+
+
+
+
+
+
+
+
+
+неверные строки заголовка, переданные клиентом, теперь игнорируется и
+записываются в error_log на уровне info.
+
+
+the invalid client header lines are now ignored and logged at the info level.
+
+
+
+
+
+при записи ошибок в лог записывается также имя сервера, при обращении
+к которому произошла ошибка.
+
+
+the server name is also logged in error log.
+
+
+
+
+
+модуль ngx_http_auth_basic_module и директивы auth_basic и
+auth_basic_user_file.
+
+
+the ngx_http_auth_basic_module module and the auth_basic and
+auth_basic_user_file directives.
+
+
+
+
+
+
+
+
+
+
+nginx не работал на Linux parisc.
+
+
+nginx did run on Linux parisc.
+
+
+
+
+
+nginx теперь не запускается под FreeBSD, если значение
+sysctl kern.ipc.somaxconn слишком большое.
+
+
+nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn
+value is too big.
+
+
+
+
+
+если модуль ngx_http_index_module делал внутреннее перенаправление запроса
+в модули ngx_http_proxy_module или ngx_http_fastcgi_module, то файл индекса
+не закрывался после обслуживания запроса.
+
+
+if a request was internally redirected by the ngx_http_index_module
+module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules,
+then the index file was not closed after request completion.
+
+
+
+
+
+директива proxy_pass может использоваться в location, заданных регулярным
+выражением.
+
+
+the "proxy_pass" can be used in location with regular expression.
+
+
+
+
+
+модуль ngx_http_rewrite_filter_module поддерживает условия вида
+"if ($HTTP_USER_AGENT ~ MSIE)".
+
+
+the ngx_http_rewrite_filter_module module supports the condition like
+"if ($HTTP_USER_AGENT ~ MSIE)".
+
+
+
+
+
+nginx очень медленно запускался при большом количестве адресов и
+использовании текстовых значений в директиве geo.
+
+
+nginx started too slow if the large number of addresses and text values
+were used in the "geo" directive.
+
+
+
+
+
+имя переменной в директиве geo нужно указывать, как $name.
+Прежний вариант без "$" пока работает, но вскоре будет убран.
+
+
+a variable name must be declared as "$name" in the "geo" directive.
+The previous variant without "$" is still supported, but will be removed soon.
+
+
+
+
+
+параметр лога "%{VARIABLE}v".
+
+
+the "%{VARIABLE}v" logging parameter.
+
+
+
+
+
+директива "set $name value".
+
+
+the "set $name value" directive.
+
+
+
+
+
+совместимость с gcc 4.0.
+
+
+gcc 4.0 compatibility.
+
+
+
+
+
+параметр автоконфигурации --with-openssl-opt=OPTIONS.
+
+
+the --with-openssl-opt=OPTIONS autoconfiguration directive.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_ssi_filter_module поддерживает переменные
+QUERY_STRING и DOCUMENT_URI.
+
+
+the ngx_http_ssi_filter_module supports the QUERY_STRING and DOCUMENT_URI
+variables.
+
+
+
+
+
+модуль ngx_http_autoindex_module мог выдавать ответ 404
+на существующий каталог, если этот каталог был указан как alias.
+
+
+the ngx_http_autoindex_module may some times return the 404 response
+for existent directory, if this directory was used in "alias" directive.
+
+
+
+
+
+модуль ngx_http_ssi_filter_module неправильно работал при больших
+ответах.
+
+
+the ngx_http_ssi_filter_module ran incorrectly for large responses.
+
+
+
+
+
+отсутствие строки заголовка "Referer" всегда считалось правильным referrer'ом.
+
+
+the lack of the "Referer" header line was always accounted as valid referrer.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_ssi_filter_module и
+директивы ssi, ssi_silent_errors и ssi_min_file_chunk.
+Поддерживаются команды 'echo var="HTTP_..." default=""' и
+'echo var="REMOTE_ADDR"'.
+
+
+the ngx_http_ssi_filter_module and
+the ssi, ssi_silent_errors, and ssi_min_file_chunk directives.
+The 'echo var="HTTP_..." default=""' and 'echo var="REMOTE_ADDR"' commands
+are supported.
+
+
+
+
+
+параметр лога %request_time.
+
+
+the %request_time log parameter.
+
+
+
+
+
+если запрос пришёл без строки заголовка "Host", то директива
+proxy_preserve_host устанавливает в качестве этого заголовка первое имя
+сервера из директивы server_name.
+
+
+if the request has no the "Host" header line, then the "proxy_preserve_host"
+directive set this header line to the first server name of the "server_name"
+directive.
+
+
+
+
+
+nginx не собирался на платформах, отличных от i386, amd64, sparc и ppc;
+ошибка появилась в 0.1.22.
+
+
+nginx could not be built on platforms different from i386, amd64, sparc,
+and ppc;
+the bug had appeared in 0.1.22.
+
+
+
+
+
+модуль ngx_http_autoindex_module теперь показывает информацию не о
+символическом линке, а о файле или каталоге, на который он указывает.
+
+
+the ngx_http_autoindex_module now shows the information not about the symlink,
+but about file or directory it points to.
+
+
+
+
+
+если клиенту ничего не передавалось, то параметр %apache_length
+записывал в лог отрицательную длину заголовка ответа.
+
+
+the %apache_length parameter logged the negative length
+of the response header if the no response was transferred to a client.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_stub_status_module показывал неверную статистику
+для обработанных соединений, если использовалось проксирование
+или FastCGI-сервер.
+
+
+the ngx_http_stub_status_module showed incorrect handled connections
+statistics if the proxying or FastCGI server were used.
+
+
+
+
+
+на Linux и Solaris установочные пути были неверно заключены в кавычки;
+ошибка появилась в 0.1.21.
+
+
+the installation paths were incorrectly quoted on Linux and Solaris;
+the bug had appeared in 0.1.21.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_stub_status_module показывал неверную статистику
+при использовании метода rtsig или при использовании нескольких
+рабочих процессов на SMP машине.
+
+
+the ngx_http_stub_status_module showed incorrect statistics
+if "rtsig" method was used or if several worker process ran on SMP.
+
+
+
+
+
+nginx не собирался компилятором icc под Линуксом или
+если библиотека zlib-1.2.x собиралась из исходных текстов.
+
+
+nginx could not be built by the icc compiler on Linux or
+if the zlib-1.2.x library was building from sources.
+
+
+
+
+
+nginx не собирался под NetBSD 2.0.
+
+
+nginx could not be built on NetBSD 2.0.
+
+
+
+
+
+
+
+
+
+
+новые параметры script_filename и remote_port в директиве fastcgi_params.
+
+
+the new "script_filename" and "remote_port" parameters
+of the fastcgi_params directive.
+
+
+
+
+
+неправильно обрабатывался поток stderr от FastCGI-сервера.
+
+
+the FastCGI stderr stream was handled incorrectly.
+
+
+
+
+
+
+
+
+
+
+если в запросе есть нуль, то для локальных запросов теперь возвращается
+ошибка 404.
+
+
+now, if request contains the zero, then the 404 error is returned
+for the local requests.
+
+
+
+
+
+nginx не собирался под NetBSD 2.0.
+
+
+nginx could not be built on NetBSD 2.0.
+
+
+
+
+
+во время чтения тела запроса клиента в SSL соединении мог произойти таймаут.
+
+
+the timeout may occur while reading of the client request body
+via SSL connections.
+
+
+
+
+
+
+
+
+
+
+для совместимости с Solaris 10 в директивах devpoll_events и devpoll_changes
+значения по умолчанию уменьшены с 512 до 32.
+
+
+the default values of the devpoll_events and the devpoll_changes directives
+changed from 512 to 32 to be compatible with Solaris 10.
+
+
+
+
+
+директивы proxy_set_x_var и fastcgi_set_var не наследовались.
+
+
+the proxy_set_x_var and fastcgi_set_var directives were not inherited.
+
+
+
+
+
+в директиве rewrite, возвращающей редирект, аргументы присоединялись
+к URI через символ "&" вместо "?".
+
+
+in a redirect rewrite directive arguments were concatenated with URI
+by an "&" rather than a "?".
+
+
+
+
+
+строки для модуля ngx_http_geo_module без символа ";" во включённом файле
+игнорировались.
+
+
+the lines without trailing ";" in the file being included
+by the ngx_http_geo_module were silently ignored.
+
+
+
+
+
+модуль ngx_http_stub_status_module.
+
+
+the ngx_http_stub_status_module.
+
+
+
+
+
+неизвестный формат лог-файла в директиве access_log вызывал segmentation fault.
+
+
+the unknown log format in the access_log directive caused
+the segmentation fault.
+
+
+
+
+
+новый параметр document_root в директиве fastcgi_params.
+
+
+the new "document_root" parameter of the fastcgi_params directive.
+
+
+
+
+
+директива fastcgi_redirect_errors.
+
+
+the fastcgi_redirect_errors directive.
+
+
+
+
+
+новый модификатор break в директиве rewrite позволяет прекратить
+цикл rewrite/location и устанавливает текущую конфигурацию для запроса.
+
+
+the new "break" modifier of the "rewrite" directive allows to stop
+the rewrite/location cycle and sets the current configuration to the request.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_rewrite_module полностью переписан.
+Теперь можно делать редиректы, возвращать коды ошибок
+и проверять переменные и рефереры.
+Эти директивы можно использовать внутри location.
+Директива redirect упразднена.
+
+
+the ngx_http_rewrite_module was rewritten from the scratch.
+Now it is possible to redirect, to return the error codes,
+to check the variables and referrers. The directives can be used
+inside locations.
+The redirect directive was canceled.
+
+
+
+
+
+модуль ngx_http_geo_module.
+
+
+the ngx_http_geo_module.
+
+
+
+
+
+директивы proxy_set_x_var и fastcgi_set_var.
+
+
+the proxy_set_x_var and fastcgi_set_var directives.
+
+
+
+
+
+конфигурация location с модификатором "=" могла использоваться
+в другом location.
+
+
+the location configuration with "=" modifier may be used in another
+location.
+
+
+
+
+
+правильный тип ответа выставлялся только для запросов, у которых в расширении
+были только маленькие буквы.
+
+
+the correct content type was set only for requests that use small caps letters
+in extension.
+
+
+
+
+
+если для location установлен proxy_pass или fastcgi_pass, и доступ
+к нему запрещался, а ошибка перенаправлялась на статическую страницу,
+то происходил segmentation fault.
+
+
+if the proxy_pass or fastcgi_pass directives were set in the location,
+and access was denied, and the error was redirected to a static page,
+then the segmentation fault occurred.
+
+
+
+
+
+если в проксированном ответе в заголовке "Location" передавался
+относительный URL, то к нему добавлялось имя хоста и слэш;
+ошибка появилась в 0.1.14.
+
+
+if in a proxied "Location" header was a relative URL,
+then a host name and a slash were added to them;
+the bug had appeared in 0.1.14.
+
+
+
+
+
+на Linux в лог не записывался текст системной ошибки.
+
+
+the system error message was not logged on Linux.
+
+
+
+
+
+
+
+
+
+
+если ответ передавался chunk'ами, то при запросе HEAD выдавался
+завершающий chunk.
+
+
+if the response were transferred by chunks, then on the HEAD request
+the final chunk was issued.
+
+
+
+
+
+заголовок "Connection: keep-alive" выдавался, даже если директива
+keepalive_timeout запрещала использование keep-alive.
+
+
+the "Connection: keep-alive" header were issued, even if the
+keepalive_timeout directive forbade the keep-alive use.
+
+
+
+
+
+ошибки в модуле ngx_http_fastcgi_module вызывали segmentation fault.
+
+
+the errors in the ngx_http_fastcgi_module caused the segmentation faults.
+
+
+
+
+
+при использовании SSL сжатый ответ мог передаваться не до конца.
+
+
+the compressed response encrypted by SSL may not transferred complete.
+
+
+
+
+
+опции TCP_NODELAY, TCP_NOPUSH и TCP_CORK, специфичные для TCP сокетов,
+не используются для unix domain сокетов.
+
+
+the TCP-specific TCP_NODELAY, TCP_NOPUSH, and TCP_CORK options,
+are not used for the unix domain sockets.
+
+
+
+
+
+директива rewrite поддерживает перезаписывание аргументов.
+
+
+the rewrite directive supports the arguments rewriting.
+
+
+
+
+
+на запрос POST с заголовком "Content-Length: 0" возвращался ответ 400;
+ошибка появилась в 0.1.14.
+
+
+the response code 400 was returned for the POST request with the
+"Content-Length: 0" header;
+the bug had appeared in 0.1.14.
+
+
+
+
+
+
+
+
+
+
+ошибка соединения с FastCGI-сервером вызывала segmentation fault.
+
+
+the error while the connecting to the FastCGI server caused
+segmentation fault.
+
+
+
+
+
+корректная обработка регулярного выражения, в котором число
+выделенных частей не совпадает с числом подстановок.
+
+
+the correct handling of the regular expression, that
+has different number of the captures and substitutions.
+
+
+
+
+
+location, который передаётся FastCGI-серверу, может быть задан
+с помощью регулярного выражения.
+
+
+the location, that is passed to the FastCGI server, can be
+regular expression.
+
+
+
+
+
+параметр FastCGI REQUEST_URI теперь передаётся вместе с аргументами
+и в том виде, в котором был получен от клиента.
+
+
+the FastCGI's parameter REQUEST_URI is now passed with the arguments
+and in the original state.
+
+
+
+
+
+для использования регулярных выражений в location нужно было
+собирать nginx вместе с ngx_http_rewrite_module.
+
+
+the ngx_http_rewrite_module module was required to be built to use
+the regular expressions in locations.
+
+
+
+
+
+если бэкенд слушал на 80-ом порту, то при использовании директивы
+"proxy_preserve_host on" в заголовке "Host" указывался
+также порт 80;
+ошибка появилась в 0.1.14.
+
+
+the directive "proxy_preserve_host on" adds port 80
+to the "Host" headers, if upstream listen on port 80;
+the bug had appeared in 0.1.14.
+
+
+
+
+
+если задать одинаковые пути в параметрах автоконфигурации
+--http-client-body-temp-path=PATH и --http-proxy-temp-path=PATH
+или --http-client-body-temp-path=PATH и --http-fastcgi-temp-path=PATH,
+то происходил segmentation fault.
+
+
+the same paths in autoconfiguration parameters
+--http-client-body-temp-path=PATH and --http-proxy-temp-path=PATH,
+or --http-client-body-temp-path=PATH and --http-fastcgi-temp-path=PATH
+caused segmentation fault.
+
+
+
+
+
+
+
+
+
+
+параметры автоконфигурации
+--http-client-body-temp-path=PATH,
+--http-proxy-temp-path=PATH
+и --http-fastcgi-temp-path=PATH
+
+
+the autoconfiguration directives:
+--http-client-body-temp-path=PATH,
+--http-proxy-temp-path=PATH,
+and --http-fastcgi-temp-path=PATH
+
+
+
+
+
+имя каталога с временными файлами, содержащие тело запроса клиента,
+задаётся директивой client_body_temp_path,
+по умолчанию <prefix>/client_body_temp.
+
+
+the directory name for the temporary files with the client request body
+is specified by directive client_body_temp_path,
+by default it is <prefix>/client_body_temp.
+
+
+
+
+
+модуль ngx_http_fastcgi_module и директивы
+fastcgi_pass,
+fastcgi_root,
+fastcgi_index,
+fastcgi_params,
+fastcgi_connect_timeout,
+fastcgi_send_timeout,
+fastcgi_read_timeout,
+fastcgi_send_lowat,
+fastcgi_header_buffer_size,
+fastcgi_buffers,
+fastcgi_busy_buffers_size,
+fastcgi_temp_path,
+fastcgi_max_temp_file_size,
+fastcgi_temp_file_write_size,
+fastcgi_next_upstream
+и fastcgi_x_powered_by.
+
+
+
+the ngx_http_fastcgi_module and the directives:
+fastcgi_pass,
+fastcgi_root,
+fastcgi_index,
+fastcgi_params,
+fastcgi_connect_timeout,
+fastcgi_send_timeout,
+fastcgi_read_timeout,
+fastcgi_send_lowat,
+fastcgi_header_buffer_size,
+fastcgi_buffers,
+fastcgi_busy_buffers_size,
+fastcgi_temp_path,
+fastcgi_max_temp_file_size,
+fastcgi_temp_file_write_size,
+fastcgi_next_upstream,
+and fastcgi_x_powered_by.
+
+
+
+
+
+ошибка "[alert] zero size buf";
+ошибка появилась в 0.1.3.
+
+
+the "[alert] zero size buf" error;
+the bug had appeared in 0.1.3.
+
+
+
+
+
+в директиве proxy_pass нужно обязательно указывать URI после имени хоста.
+
+
+the URI must be specified after the host name in the proxy_pass directive.
+
+
+
+
+
+если в URI встречался символ %3F, то он считался началом строки аргументов.
+
+
+the %3F symbol in the URI was considered as the argument string start.
+
+
+
+
+
+поддержка unix domain сокетов в модуле ngx_http_proxy_module.
+
+
+the unix domain sockets support in the ngx_http_proxy_module.
+
+
+
+
+
+директивы ssl_engine и ssl_ciphers.
+Спасибо Сергею Скворцову за SSL-акселератор.
+
+
+the ssl_engine and ssl_ciphers directives.
+Thanks to Sergey Skvortsov for SSL-accelerator.
+
+
+
+
+
+
+
+
+
+
+директивы server_names_hash и server_names_hash_threshold.
+
+
+the server_names_hash and server_names_hash_threshold directives.
+
+
+
+
+
+имена *.domain.tld в директиве server_name не работали.
+
+
+the *.domain.tld names in the "server_name" directive did not work.
+
+
+
+
+
+параметр лога %request_length записывал неверную длину.
+
+
+the %request_length log parameter logged the incorrect length.
+
+
+
+
+
+
+
+
+
+
+параметр лога %request_length.
+
+
+the %request_length log parameter.
+
+
+
+
+
+при использовании /dev/poll, select и poll на платформах, где возможны
+ложные срабатывания указанных методов, могли быть длительные задержки
+при обработке запроса по keep-alive соединению.
+Наблюдалось по крайней мере на Solaris с использованием /dev/poll.
+
+
+when using the /dev/poll, select and poll on the platforms, where
+these methods may do the false reports, there may be the long delay when
+the request was passed via the keep-alive connection.
+It may be at least on Solaris when using the /dev/poll.
+
+
+
+
+
+директива send_lowat игнорируется на Linux, так как Linux не поддерживает
+опцию SO_SNDLOWAT.
+
+
+the send_lowat directive is ignored on Linux because Linux does not support
+the SO_SNDLOWAT option.
+
+
+
+
+
+
+
+
+
+
+директива worker_priority.
+
+
+the worker_priority directive.
+
+
+
+
+
+под FreeBSD директивы tcp_nopush и tcp_nodelay вместе влияют на передачу
+ответа.
+
+
+both tcp_nopush and tcp_nodelay directives affect the transferred response.
+
+
+
+
+
+nginx не вызывал initgroups().
+Спасибо Андрею Ситникову и Андрею Нигматулину.
+
+
+nginx did not call initgroups().
+Thanks to Andrew Sitnikov and Andrei Nigmatulin.
+
+
+
+
+
+ngx_http_auto_index_module теперь выдаёт размер файлов в байтах.
+
+
+now the ngx_http_autoindex_module shows the file size in the bytes.
+
+
+
+
+
+ngx_http_auto_index_module возвращал ошибку 500, если в каталоге есть
+битый symlink.
+
+
+the ngx_http_autoindex_module returned the 500 error if the broken symlink
+was in a directory.
+
+
+
+
+
+файлы больше 4G не передавались с использованием sendfile.
+
+
+the files bigger than 4G could not be transferred using sendfile.
+
+
+
+
+
+если бэкенд резолвился в несколько адресов и при ожидании от него ответа
+происходила ошибка, то процесс зацикливался.
+
+
+if the backend was resolved to several backends and there was an error while
+the response waiting then process may got caught in an endless loop.
+
+
+
+
+
+при использовании метода /dev/poll рабочий процесс мог завершиться
+с сообщением "unknown cycle".
+
+
+the worker process may exit with the "unknown cycle" message when the /dev/poll
+method was used.
+
+
+
+
+
+ошибки "close() channel failed".
+
+
+"close() channel failed" errors.
+
+
+
+
+
+автоматическое определение групп nobody и nogroup.
+
+
+the autodetection of the "nobody" and "nogroup" groups.
+
+
+
+
+
+директива send_lowat не работала на Linux.
+
+
+the send_lowat directive did not work on Linux.
+
+
+
+
+
+если в конфигурации не было раздела events, то происходил segmentation fault.
+
+
+the segmentation fault occurred if there was no events section
+in configuration.
+
+
+
+
+
+nginx не собирался под OpenBSD.
+
+
+nginx could not be built on OpenBSD.
+
+
+
+
+
+двойные слэшы в "://" в URI превращались в ":/".
+
+
+the double slashes in "://" in the URI were converted to ":/".
+
+
+
+
+
+
+
+
+
+
+если в запросе без аргументов есть "//", "/./", "/../" или "%XX",
+то терялся последний символ в строке запроса;
+ошибка появилась в 0.1.9.
+
+
+if the request without arguments contains "//", "/./", "/../" or "%XX"
+then the last character in the request line was lost;
+the bug had appeared in 0.1.9.
+
+
+
+
+
+исправление в версии 0.1.9 для файлов больше 2G на Linux не работало.
+
+
+the fix in 0.1.9 for the files bigger than 2G on Linux did not work.
+
+
+
+
+
+
+
+
+
+
+если в запросе есть "//", "/./", "/../" или "%XX", то проксируемый
+запрос передавался без аргументов.
+
+
+the proxied request was sent without arguments if the request contains
+"//", "/./", "/../" or "%XX".
+
+
+
+
+
+при сжатии больших ответов иногда они передавались не полностью.
+
+
+the large compressed responses may be transferred not completely.
+
+
+
+
+
+не передавались файлы больше 2G на Linux, неподдерживающем sendfile64().
+
+
+the files bigger than 2G was not transferred on Linux that does not support
+sendfile64().
+
+
+
+
+
+на Linux при конфигурации сборки нужно было обязательно использовать
+параметр --with-poll_module;
+ошибка появилась в 0.1.8.
+
+
+while the build configuration on Linux the --with-poll_module parameter
+was required;
+the bug had appeared in 0.1.8.
+
+
+
+
+
+
+
+
+
+
+ошибка в модуле ngx_http_autoindex_module при показе длинных имён файлов.
+
+
+in the ngx_http_autoindex_module if the long file names were in the listing.
+
+
+
+
+
+модификатор "^~" в директиве location.
+
+
+the "^~" modifier in the location directive.
+
+
+
+
+
+директива proxy_max_temp_file_size.
+
+
+the proxy_max_temp_file_size directive.
+
+
+
+
+
+
+
+
+
+
+при использовании sendfile, если передаваемый файл менялся, то мог
+произойти segmentation fault на FreeBSD;
+ошибка появилась в 0.1.5.
+
+
+on FreeBSD the segmentation fault may occur if the size of the transferred
+file was changed;
+the bug had appeared in 0.1.5.
+
+
+
+
+
+
+
+
+
+
+при некоторых комбинациях директив location c регулярными выражениями
+использовалась конфигурация не из того location.
+
+
+some location directive combinations with the regular expressions caused
+the wrong configuration choose.
+
+
+
+
+
+
+
+
+
+
+на Solaris и Linux могло быть очень много сообщений "recvmsg() returned
+not enough data".
+
+
+on Solaris and Linux there may be too many "recvmsg() returned not enough data"
+alerts.
+
+
+
+
+
+в режиме прокси без использования sendfile на Solaris возникала
+ошибка "writev() failed (22: Invalid argument)".
+На других платформах, не поддерживающих sendfile, процесс зацикливался.
+
+
+there were the "writev() failed (22: Invalid argument)" errors on
+Solaris in proxy mode without sendfile. On other platforms that do not
+support sendfile at all the process got caught in an endless loop.
+
+
+
+
+
+при использовании sendfile в режиме прокси на Solaris возникал
+segmentation fault.
+
+
+segmentation fault on Solaris in proxy mode and using sendfile.
+
+
+
+
+
+segmentation fault на Solaris.
+
+
+segmentation fault on Solaris.
+
+
+
+
+
+обновление исполняемого файла на лету не работало на Linux.
+
+
+on-line upgrade did not work on Linux.
+
+
+
+
+
+в списке файлов, выдаваемом модулем ngx_http_autoindex_module,
+не перекодировались пробелы, кавычки и знаки процента.
+
+
+the ngx_http_autoindex_module module did not escape the spaces,
+the quotes, and the percent signs in the directory listing.
+
+
+
+
+
+уменьшение операций копирования.
+
+
+the decrease of the copy operations.
+
+
+
+
+
+директива userid_p3p.
+
+
+the userid_p3p directive.
+
+
+
+
+
+
+
+
+
+
+ошибка в модуле ngx_http_autoindex_module.
+
+
+in the ngx_http_autoindex_module.
+
+
+
+
+
+
+
+
+
+
+модуль ngx_http_autoindex_module и директива autoindex.
+
+
+the ngx_http_autoindex_module and the autoindex directive.
+
+
+
+
+
+директива proxy_set_x_url.
+
+
+the proxy_set_x_url directive.
+
+
+
+
+
+модуль проксировании мог привести к зацикливанию, если не использовался
+sendfile.
+
+
+proxy module may get caught in an endless loop when sendfile is not used.
+
+
+
+
+
+
+
+
+
+
+параметры --user=USER, --group=GROUP и --with-ld-opt=OPTIONS в configure.
+
+
+the --user=USER, --group=GROUP, and --with-ld-opt=OPTIONS options in configure.
+
+
+
+
+
+директива server_name поддерживает *.domain.tld.
+
+
+the server_name directive supports *.domain.tld.
+
+
+
+
+
+улучшена переносимость на неизвестные платформы.
+
+
+the portability improvements.
+
+
+
+
+
+нельзя переконфигурировать nginx, если конфигурационный файл указан
+в командной строке;
+ошибка появилась в 0.1.1.
+
+
+if configuration file was set in command line, the reconfiguration
+was impossible;
+the bug had appeared in 0.1.1.
+
+
+
+
+
+модуль проксировании мог привести к зацикливанию, если не использовался
+sendfile.
+
+
+proxy module may get caught in an endless loop when sendfile is not used.
+
+
+
+
+
+при использовании sendfile текст ответа не перекодировался
+согласно директивам модуля charset;
+ошибка появилась в 0.1.1.
+
+
+with sendfile the response was not recoded according to the charset
+module directives;
+the bug had appeared in 0.1.1.
+
+
+
+
+
+очень редкая ошибка при обработке kqueue.
+
+
+very seldom bug in the kqueue processing.
+
+
+
+
+
+модуль сжатия сжимал уже сжатые ответы, полученные при проксировании.
+
+
+the gzip module compressed the proxied responses that was already compressed.
+
+
+
+
+
+
+
+
+
+
+директива gzip_types.
+
+
+the gzip_types directive.
+
+
+
+
+
+директива tcp_nodelay.
+
+
+the tcp_nodelay directive.
+
+
+
+
+
+директива send_lowat работает не только на платформах, поддерживающих
+kqueue NOTE_LOWAT, но и на всех, поддерживающих SO_SNDLOWAT.
+
+
+the send_lowat directive is working not only on OSes that support
+kqueue NOTE_LOWAT, but also on OSes that support SO_SNDLOWAT.
+
+
+
+
+
+эмуляция setproctitle() для Linux и Solaris.
+
+
+the setproctitle() emulation for Linux and Solaris.
+
+
+
+
+
+ошибка при переписывании заголовка "Location" при проксировании.
+
+
+the "Location" header rewrite bug fixed while the proxying.
+
+
+
+
+
+ошибка в модуле ngx_http_chunked_module, приводившая к зацикливанию.
+
+
+the ngx_http_chunked_module module may get caught in an endless loop.
+
+
+
+
+
+ошибки в модуле /dev/poll.
+
+
+the /dev/poll module bugs fixed.
+
+
+
+
+
+при проксировании и использовании временных файлов ответы портились.
+
+
+the responses were corrupted when the temporary files were used
+while the proxying.
+
+
+
+
+
+бэкенду передавались запросы с неперекодированными символами.
+
+
+the unescaped requests were passed to the backend.
+
+
+
+
+
+на Linux 2.4 при конфигурации сборки нужно было обязательно использовать
+параметр --with-poll_module.
+
+
+while the build configuration on Linux 2.4 the --with-poll_module parameter
+was required.
+
+
+
+
+
+
+
+
+
+
+Первая публично доступная версия.
+
+
+The first public version.
+
+
+
+
+
+
+
diff --git a/docs/xsls/changes.xsls b/docs/xsls/changes.xsls
new file mode 100644
index 0000000..4b34254
--- /dev/null
+++ b/docs/xsls/changes.xsls
@@ -0,0 +1,134 @@
+X:stylesheet {
+
+X:output method="text";
+
+X:param lang="'en'";
+X:param configuration="'../xml/change_log_conf.xml'";
+
+X:var conf = "document($configuration)/configuration";
+X:var start = "$conf/start";
+X:var indent = "$conf/indent";
+X:var max = "$conf/length";
+X:var br = {<br>}
+
+
+X:template = "/" { !! "change_log"; }
+X:template = "change_log" { !! "changes"; }
+
+
+X:template = "changes" {
+ X:text {
}
+
+ !{substring(concat($conf/changes[@lang=$lang]/title,
+ //change_log/@title,
+ ' ', @ver,
+ ' '),
+ 1, $conf/changes[@lang=$lang]/length)}
+
+ X:if "$lang='ru'" {
+ !{substring(@date, 9, 2)}
+ X:text {.}
+ !{substring(@date, 6, 2)}
+ X:text {.}
+ !{substring(@date, 1, 4)}
+ }
+
+ X:if "$lang='en'" {
+ !{substring(@date, 9, 2)}
+ !{$conf/changes[@lang=$lang]/month[number(substring(current()/@date,
+ 6, 2))]}
+ !{substring(@date, 1, 4)}
+ }
+
+ X:text {
}
+
+ !! "change";
+
+ X:text {
}
+}
+
+
+X:template = "change" {
+ X:var prefix = "$conf/changes[@lang=$lang]/*[local-name(.)=current()/@type]"
+
+ X:var postfix = { X:if "$prefix" { X:text {: } } }
+
+ !! "para[@lang=$lang]" (prefix = "concat($start, $prefix, $postfix)");
+}
+
+
+X:template para(prefix) = "para" {
+ X:var text = { !!; }
+
+ X:text {
}
+
+ !wrap(text = "normalize-space($text)",
+ prefix = { X:if "position() = 1" { !{$prefix} } else { !{$indent} } })
+}
+
+
+X:template wrap(text, prefix) {
+ X:if "$text" {
+ X:var offset = {
+ X:choose {
+ X:when "starts-with($text, concat($br, ' '))" {
+ !{string-length($br) + 2}
+ }
+ X:when "starts-with($text, $br)" {
+ !{string-length($br) + 1}
+ }
+ X:otherwise {
+ 1
+ }
+ }
+ }
+
+ X:var length = {
+ !length(text = "substring($text, $offset)",
+ prefix = "string-length($prefix)",
+ length = "$max")
+ }
+
+ !{$prefix}
+
+ !{normalize-space(translate(substring($text, $offset, $length),
+ ' ', ' '))}
+
+ X:text {
}
+
+ !wrap(text = "substring($text, $length + $offset)", prefix = "$indent")
+ }
+}
+
+
+X:template length(text, prefix, length) {
+ X:var break = "substring-before(substring($text, 1,
+ $length - $prefix + string-length($br)),
+ $br)"
+
+ X:choose {
+ X:when "$break" { !{string-length($break)} }
+
+ X:when "$length = 0" { !{$max - $prefix} }
+
+ X:when "string-length($text) + $prefix <= $length" {
+ !{$length - $prefix}
+ }
+
+ X:when "substring($text, $length - $prefix + 1, 1) = ' '" {
+ !{$length - $prefix + 1}
+ }
+
+ X:otherwise {
+ !length(text = "$text", prefix = "$prefix", length = "$length - 1")
+ }
+ }
+}
+
+
+X:template = "at" {@}
+X:template = "br" { !{$br} }
+X:template = "nobr" { !{translate(., ' ', ' ')} }
+
+
+}
diff --git a/docs/xslt/changes.xslt b/docs/xslt/changes.xslt
new file mode 100644
index 0000000..55ee515
--- /dev/null
+++ b/docs/xslt/changes.xslt
@@ -0,0 +1,128 @@
+
+
+
+
+
+
+
+
+
+
+
+
+<br>
+
+
+
+
+
+
+
+
+
+
+
+
+
+ .
+
+ .
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ :
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+@
+
+
+
+
+
diff --git a/misc/GNUmakefile b/misc/GNUmakefile
new file mode 100644
index 0000000..b7e76b9
--- /dev/null
+++ b/misc/GNUmakefile
@@ -0,0 +1,151 @@
+
+VER = $(shell grep 'define NGINX_VERSION' src/core/nginx.h \
+ | sed -e 's/^.*"\(.*\)".*/\1/')
+NGINX = nginx-$(VER)
+TEMP = tmp
+
+CC = cl
+OBJS = objs.msvc8
+OPENSSL = openssl-3.0.15
+ZLIB = zlib-1.3.1
+PCRE = pcre2-10.39
+
+
+release: export
+
+ mv $(TEMP)/$(NGINX)/auto/configure $(TEMP)/$(NGINX)
+
+ mv $(TEMP)/$(NGINX)/docs/html $(TEMP)/$(NGINX)
+ mv $(TEMP)/$(NGINX)/docs/man $(TEMP)/$(NGINX)
+
+ $(MAKE) -f docs/GNUmakefile changes
+
+ rm -r $(TEMP)/$(NGINX)/docs
+ rm -r $(TEMP)/$(NGINX)/misc
+
+ tar -c -z -f $(NGINX).tar.gz --directory $(TEMP) $(NGINX)
+
+
+export:
+ rm -rf $(TEMP)
+ git archive --prefix=$(TEMP)/$(NGINX)/ HEAD | tar -x -f - --exclude '.git*'
+
+
+RELEASE:
+ git commit -m nginx-$(VER)-RELEASE
+ git tag -m "release-$(VER) tag" release-$(VER)
+
+ $(MAKE) -f misc/GNUmakefile release
+
+
+win32:
+ ./auto/configure \
+ --with-cc=$(CC) \
+ --builddir=$(OBJS) \
+ --with-debug \
+ --prefix= \
+ --conf-path=conf/nginx.conf \
+ --pid-path=logs/nginx.pid \
+ --http-log-path=logs/access.log \
+ --error-log-path=logs/error.log \
+ --sbin-path=nginx.exe \
+ --http-client-body-temp-path=temp/client_body_temp \
+ --http-proxy-temp-path=temp/proxy_temp \
+ --http-fastcgi-temp-path=temp/fastcgi_temp \
+ --http-scgi-temp-path=temp/scgi_temp \
+ --http-uwsgi-temp-path=temp/uwsgi_temp \
+ --with-cc-opt=-DFD_SETSIZE=1024 \
+ --with-pcre=$(OBJS)/lib/$(PCRE) \
+ --with-zlib=$(OBJS)/lib/$(ZLIB) \
+ --with-http_v2_module \
+ --with-http_realip_module \
+ --with-http_addition_module \
+ --with-http_sub_module \
+ --with-http_dav_module \
+ --with-http_stub_status_module \
+ --with-http_flv_module \
+ --with-http_mp4_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_auth_request_module \
+ --with-http_random_index_module \
+ --with-http_secure_link_module \
+ --with-http_slice_module \
+ --with-mail \
+ --with-stream \
+ --with-stream_realip_module \
+ --with-stream_ssl_preread_module \
+ --with-openssl=$(OBJS)/lib/$(OPENSSL) \
+ --with-openssl-opt="no-asm no-tests -D_WIN32_WINNT=0x0501" \
+ --with-http_ssl_module \
+ --with-mail_ssl_module \
+ --with-stream_ssl_module
+
+
+zip: export
+ rm -f $(NGINX).zip
+
+ mkdir -p $(TEMP)/$(NGINX)/docs.new
+ mkdir -p $(TEMP)/$(NGINX)/logs
+ mkdir -p $(TEMP)/$(NGINX)/temp
+
+ sed -i '' -e "s/$$/`printf '\r'`/" $(TEMP)/$(NGINX)/conf/*
+
+ mv $(TEMP)/$(NGINX)/LICENSE $(TEMP)/$(NGINX)/docs.new
+ mv $(TEMP)/$(NGINX)/README.md $(TEMP)/$(NGINX)/docs.new
+ mv $(TEMP)/$(NGINX)/CODE_OF_CONDUCT.md $(TEMP)/$(NGINX)/docs.new
+ mv $(TEMP)/$(NGINX)/CONTRIBUTING.md $(TEMP)/$(NGINX)/docs.new
+ mv $(TEMP)/$(NGINX)/SECURITY.md $(TEMP)/$(NGINX)/docs.new
+ mv $(TEMP)/$(NGINX)/docs/html $(TEMP)/$(NGINX)
+
+ rm -r $(TEMP)/$(NGINX)/docs
+ mv $(TEMP)/$(NGINX)/docs.new $(TEMP)/$(NGINX)/docs
+
+ cp -p $(OBJS)/nginx.exe $(TEMP)/$(NGINX)
+
+ $(MAKE) -f docs/GNUmakefile changes
+ mv $(TEMP)/$(NGINX)/CHANGES* $(TEMP)/$(NGINX)/docs/
+
+ cp -p $(OBJS)/lib/$(OPENSSL)/LICENSE.txt \
+ $(TEMP)/$(NGINX)/docs/OpenSSL.LICENSE
+
+ cp -p $(OBJS)/lib/$(PCRE)/LICENCE \
+ $(TEMP)/$(NGINX)/docs/PCRE.LICENCE
+
+ sed -ne '/^ (C) 1995-20/,/^ jloup@gzip\.org/p' \
+ $(OBJS)/lib/$(ZLIB)/README \
+ > $(TEMP)/$(NGINX)/docs/zlib.LICENSE
+
+ touch -r $(OBJS)/lib/$(ZLIB)/README \
+ $(TEMP)/$(NGINX)/docs/zlib.LICENSE
+
+ rm -r $(TEMP)/$(NGINX)/auto
+ rm -r $(TEMP)/$(NGINX)/misc
+ rm -r $(TEMP)/$(NGINX)/src
+
+ cd $(TEMP) && zip -r ../$(NGINX).zip $(NGINX)
+
+
+icons: src/os/win32/nginx.ico
+
+# 48x48, 32x32 and 16x16 icons
+
+src/os/win32/nginx.ico: src/os/win32/nginx_icon48.xpm \
+ src/os/win32/nginx_icon32.xpm \
+ src/os/win32/nginx_icon16.xpm
+
+ test -d $(TEMP) || mkdir $(TEMP)
+
+ xpmtoppm --alphaout=$(TEMP)/nginx48.pbm \
+ src/os/win32/nginx_icon48.xpm > $(TEMP)/nginx48.ppm
+
+ xpmtoppm --alphaout=$(TEMP)/nginx32.pbm \
+ src/os/win32/nginx_icon32.xpm > $(TEMP)/nginx32.ppm
+
+ xpmtoppm --alphaout=$(TEMP)/nginx16.pbm \
+ src/os/win32/nginx_icon16.xpm > $(TEMP)/nginx16.ppm
+
+ ppmtowinicon -output src/os/win32/nginx.ico -andpgms \
+ $(TEMP)/nginx48.ppm $(TEMP)/nginx48.pbm \
+ $(TEMP)/nginx32.ppm $(TEMP)/nginx32.pbm \
+ $(TEMP)/nginx16.ppm $(TEMP)/nginx16.pbm
diff --git a/misc/README b/misc/README
new file mode 100644
index 0000000..3f7b323
--- /dev/null
+++ b/misc/README
@@ -0,0 +1,13 @@
+
+make -f misc/GNUmakefile release
+
+the required tools:
+*) xsltproc to build CHANGES,
+*) xslscript.pl ( http://hg.nginx.org/xslscript ) to build XSLTs
+ from XSLScript sources.
+
+
+make -f misc/GNUmakefile icons
+
+the required tool:
+*) netpbm to create Win32 icons from xpm sources.
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 4229012..72664a5 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1028000
-#define NGINX_VERSION "1.28.0"
+#define nginx_version 1029000
+#define NGINX_VERSION "1.29.0"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
diff --git a/src/core/ngx_config.h b/src/core/ngx_config.h
index 1861be6..707ab21 100644
--- a/src/core/ngx_config.h
+++ b/src/core/ngx_config.h
@@ -94,7 +94,7 @@ typedef intptr_t ngx_flag_t;
#ifndef NGX_ALIGNMENT
-#define NGX_ALIGNMENT sizeof(unsigned long) /* platform word */
+#define NGX_ALIGNMENT sizeof(uintptr_t) /* platform word */
#endif
#define ngx_align(d, a) (((d) + (a - 1)) & ~(a - 1))
diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
index 75809d9..7cae295 100644
--- a/src/core/ngx_connection.c
+++ b/src/core/ngx_connection.c
@@ -765,6 +765,8 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+#if !(NGX_DARWIN)
+
if (ls[i].keepidle) {
value = ls[i].keepidle;
@@ -782,6 +784,8 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
}
}
+#endif
+
if (ls[i].keepintvl) {
value = ls[i].keepintvl;
diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c
index 2703879..033d7e0 100644
--- a/src/event/ngx_event_accept.c
+++ b/src/event/ngx_event_accept.c
@@ -203,6 +203,23 @@ ngx_event_accept(ngx_event_t *ev)
}
}
+#if (NGX_HAVE_KEEPALIVE_TUNABLE && NGX_DARWIN)
+
+ /* Darwin doesn't inherit TCP_KEEPALIVE from a listening socket */
+
+ if (ls->keepidle) {
+ if (setsockopt(s, IPPROTO_TCP, TCP_KEEPALIVE,
+ (const void *) &ls->keepidle, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
+ "setsockopt(TCP_KEEPALIVE, %d) failed, ignored",
+ ls->keepidle);
+ }
+ }
+
+#endif
+
*log = ls->log;
c->recv = ngx_recv;
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 6992cc4..a7b3894 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -45,8 +45,6 @@ static ssize_t ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file,
size_t size);
static void ngx_ssl_read_handler(ngx_event_t *rev);
static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
-static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
- ngx_err_t err, char *text);
static void ngx_ssl_clear_error(ngx_log_t *log);
static ngx_int_t ngx_ssl_session_id_context(ngx_ssl_t *ssl,
@@ -1315,6 +1313,8 @@ ngx_ssl_passwords_cleanup(void *data)
ngx_int_t
ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
{
+#ifndef OPENSSL_NO_DH
+
BIO *bio;
if (file->len == 0) {
@@ -1385,6 +1385,8 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
BIO_free(bio);
+#endif
+
return NGX_OK;
}
@@ -3297,7 +3299,7 @@ ngx_ssl_shutdown_handler(ngx_event_t *ev)
}
-static void
+void
ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
char *text)
{
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index b7aaaca..9e68deb 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -19,7 +19,9 @@
#include
#include
#include
+#ifndef OPENSSL_NO_DH
#include
+#endif
#ifndef OPENSSL_NO_ENGINE
#include
#endif
@@ -83,6 +85,17 @@
#endif
+#ifdef OPENSSL_NO_DEPRECATED_3_4
+#define SSL_SESSION_get_time(s) SSL_SESSION_get_time_ex(s)
+#define SSL_SESSION_set_time(s, t) SSL_SESSION_set_time_ex(s, t)
+#endif
+
+
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+#define EVP_CIPHER_CTX_cipher(c) EVP_CIPHER_CTX_get0_cipher(c)
+#endif
+
+
typedef struct ngx_ssl_ocsp_s ngx_ssl_ocsp_t;
@@ -348,6 +361,8 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
off_t limit);
void ngx_ssl_free_buffer(ngx_connection_t *c);
ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
+void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
+ char *text);
void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
char *fmt, ...);
void ngx_ssl_cleanup_ctx(void *data);
diff --git a/src/event/ngx_event_openssl_cache.c b/src/event/ngx_event_openssl_cache.c
index d62b4c4..18efc73 100644
--- a/src/event/ngx_event_openssl_cache.c
+++ b/src/event/ngx_event_openssl_cache.c
@@ -8,10 +8,16 @@
#include
#include
+#ifdef ERR_R_OSSL_STORE_LIB
+#include
+#include
+#endif
+
#define NGX_SSL_CACHE_PATH 0
#define NGX_SSL_CACHE_DATA 1
#define NGX_SSL_CACHE_ENGINE 2
+#define NGX_SSL_CACHE_STORE 3
#define NGX_SSL_CACHE_DISABLED (ngx_array_t *) (uintptr_t) -1
@@ -116,6 +122,8 @@ static void ngx_ssl_cache_node_insert(ngx_rbtree_node_t *temp,
static void ngx_ssl_cache_node_free(ngx_rbtree_t *rbtree,
ngx_ssl_cache_node_t *cn);
+static ngx_int_t ngx_openssl_cache_init_worker(ngx_cycle_t *cycle);
+
static ngx_command_t ngx_openssl_cache_commands[] = {
@@ -144,7 +152,7 @@ ngx_module_t ngx_openssl_cache_module = {
NGX_CORE_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
- NULL, /* init process */
+ ngx_openssl_cache_init_worker, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
@@ -444,6 +452,11 @@ ngx_ssl_cache_init_key(ngx_pool_t *pool, ngx_uint_t index, ngx_str_t *path,
{
id->type = NGX_SSL_CACHE_ENGINE;
+ } else if (index == NGX_SSL_CACHE_PKEY
+ && ngx_strncmp(path->data, "store:", sizeof("store:") - 1) == 0)
+ {
+ id->type = NGX_SSL_CACHE_STORE;
+
} else {
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, path)
!= NGX_OK)
@@ -714,11 +727,6 @@ ngx_ssl_cache_pkey_create(ngx_ssl_cache_key_t *id, char **err, void *data)
#endif
}
- bio = ngx_ssl_cache_create_bio(id, err);
- if (bio == NULL) {
- return NULL;
- }
-
cb_data.encrypted = 0;
if (*passwords) {
@@ -734,6 +742,76 @@ ngx_ssl_cache_pkey_create(ngx_ssl_cache_key_t *id, char **err, void *data)
cb = NULL;
}
+ if (id->type == NGX_SSL_CACHE_STORE) {
+
+#ifdef ERR_R_OSSL_STORE_LIB
+
+ u_char *uri;
+ UI_METHOD *method;
+ OSSL_STORE_CTX *store;
+ OSSL_STORE_INFO *info;
+
+ method = (cb != NULL) ? UI_UTIL_wrap_read_pem_callback(cb, 0) : NULL;
+ uri = id->data + sizeof("store:") - 1;
+
+ store = OSSL_STORE_open((char *) uri, method, pwd, NULL, NULL);
+
+ if (store == NULL) {
+ *err = "OSSL_STORE_open() failed";
+
+ if (method != NULL) {
+ UI_destroy_method(method);
+ }
+
+ return NULL;
+ }
+
+ pkey = NULL;
+
+ while (pkey == NULL && !OSSL_STORE_eof(store)) {
+ info = OSSL_STORE_load(store);
+
+ if (info == NULL) {
+ continue;
+ }
+
+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
+ pkey = OSSL_STORE_INFO_get1_PKEY(info);
+ }
+
+ OSSL_STORE_INFO_free(info);
+ }
+
+ OSSL_STORE_close(store);
+
+ if (method != NULL) {
+ UI_destroy_method(method);
+ }
+
+ if (pkey == NULL) {
+ *err = "OSSL_STORE_load() failed";
+ return NULL;
+ }
+
+ if (cb_data.encrypted) {
+ *passwords = NGX_SSL_CACHE_DISABLED;
+ }
+
+ return pkey;
+
+#else
+
+ *err = "loading \"store:...\" certificate keys is not supported";
+ return NULL;
+
+#endif
+ }
+
+ bio = ngx_ssl_cache_create_bio(id, err);
+ if (bio == NULL) {
+ return NULL;
+ }
+
for ( ;; ) {
pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, pwd);
@@ -1157,3 +1235,20 @@ ngx_ssl_cache_node_insert(ngx_rbtree_node_t *temp,
node->right = sentinel;
ngx_rbt_red(node);
}
+
+
+static ngx_int_t
+ngx_openssl_cache_init_worker(ngx_cycle_t *cycle)
+{
+#ifdef ERR_R_OSSL_STORE_LIB
+
+ if (ngx_process != NGX_PROCESS_WORKER) {
+ return NGX_OK;
+ }
+
+ UI_set_default_method(UI_null());
+
+#endif
+
+ return NGX_OK;
+}
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index 4682eca..8df4877 100644
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -72,7 +72,7 @@ ngx_quic_connstate_dbg(ngx_connection_t *c)
if (qc) {
- if (qc->error != (ngx_uint_t) -1) {
+ if (qc->error) {
p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : "");
p = ngx_slprintf(p, last, " error:%ui", qc->error);
@@ -135,6 +135,9 @@ ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp)
if (scid.len != ctp->initial_scid.len
|| ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0)
{
+ qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
+ qc->error_reason = "invalid initial_source_connection_id";
+
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic client initial_source_connection_id mismatch");
return NGX_ERROR;
@@ -257,9 +260,9 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN;
}
- qc->send_ctx[0].level = ssl_encryption_initial;
- qc->send_ctx[1].level = ssl_encryption_handshake;
- qc->send_ctx[2].level = ssl_encryption_application;
+ qc->send_ctx[0].level = NGX_QUIC_ENCRYPTION_INITIAL;
+ qc->send_ctx[1].level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
+ qc->send_ctx[2].level = NGX_QUIC_ENCRYPTION_APPLICATION;
ngx_queue_init(&qc->free_frames);
@@ -517,7 +520,7 @@ ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
* to terminate the connection immediately.
*/
- if (qc->error == (ngx_uint_t) -1) {
+ if (qc->error == 0 && rc == NGX_ERROR) {
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
qc->error_app = 0;
}
@@ -797,13 +800,13 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
pkt->dcid.len, &pkt->dcid);
#if (NGX_DEBUG)
- if (pkt->level != ssl_encryption_application) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic packet rx scid len:%uz %xV",
pkt->scid.len, &pkt->scid);
}
- if (pkt->level == ssl_encryption_initial) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic address validation token len:%uz %xV",
pkt->token.len, &pkt->token);
@@ -820,7 +823,7 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
return NGX_DECLINED;
}
- if (pkt->level != ssl_encryption_application) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
if (pkt->version != qc->version) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
@@ -850,7 +853,9 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
rc = ngx_quic_handle_payload(c, pkt);
- if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application) {
+ if (rc == NGX_DECLINED
+ && pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION)
+ {
if (ngx_quic_handle_stateless_reset(c, pkt) == NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic stateless reset packet detected");
@@ -871,11 +876,11 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
return ngx_quic_negotiate_version(c, pkt);
}
- if (pkt->level == ssl_encryption_application) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
return ngx_quic_send_stateless_reset(c, conf, pkt);
}
- if (pkt->level != ssl_encryption_initial) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_INITIAL) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic expected initial, got handshake");
return NGX_ERROR;
@@ -958,7 +963,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
qc = ngx_quic_get_connection(c);
- qc->error = (ngx_uint_t) -1;
+ qc->error = 0;
qc->error_reason = 0;
c->log->action = "decrypting packet";
@@ -970,10 +975,10 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
return NGX_DECLINED;
}
-#if !defined (OPENSSL_IS_BORINGSSL)
- /* OpenSSL provides read keys for an application level before it's ready */
+#if (NGX_QUIC_QUICTLS_API)
+ /* QuicTLS provides app read keys before completing handshake */
- if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION && !c->ssl->handshaked) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic no %s keys ready, ignoring packet",
ngx_quic_level_name(pkt->level));
@@ -1011,14 +1016,14 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
}
}
- if (pkt->level == ssl_encryption_handshake) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
/*
* RFC 9001, 4.9.1. Discarding Initial Keys
*
* The successful use of Handshake packets indicates
* that no more Initial packets need to be exchanged
*/
- ngx_quic_discard_ctx(c, ssl_encryption_initial);
+ ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_INITIAL);
if (!qc->path->validated) {
qc->path->validated = 1;
@@ -1027,14 +1032,14 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
}
}
- if (pkt->level == ssl_encryption_application) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
/*
* RFC 9001, 4.9.3. Discarding 0-RTT Keys
*
* After receiving a 1-RTT packet, servers MUST discard
* 0-RTT keys within a short time
*/
- ngx_quic_keys_discard(qc->keys, ssl_encryption_early_data);
+ ngx_quic_keys_discard(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA);
}
if (qc->closing) {
@@ -1061,7 +1066,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
c->log->action = "handling payload";
- if (pkt->level != ssl_encryption_application) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
return ngx_quic_handle_frames(c, pkt);
}
@@ -1086,7 +1091,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
void
-ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
+ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level)
{
ngx_queue_t *q;
ngx_quic_frame_t *f;
@@ -1127,7 +1132,7 @@ ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
ngx_quic_free_frame(c, f);
}
- if (level == ssl_encryption_initial) {
+ if (level == NGX_QUIC_ENCRYPTION_INITIAL) {
/* close temporary listener with initial dcid */
qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN);
if (qsock) {
diff --git a/src/event/quic/ngx_event_quic.h b/src/event/quic/ngx_event_quic.h
index 1520167..d95d3d8 100644
--- a/src/event/quic/ngx_event_quic.h
+++ b/src/event/quic/ngx_event_quic.h
@@ -12,6 +12,21 @@
#include
+#ifdef OSSL_RECORD_PROTECTION_LEVEL_NONE
+#define NGX_QUIC_OPENSSL_API 1
+
+#elif (defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION)
+#define NGX_QUIC_QUICTLS_API 1
+
+#elif (defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER)
+#define NGX_QUIC_BORINGSSL_API 1
+
+#else
+#define NGX_QUIC_BORINGSSL_API 1
+#define NGX_QUIC_OPENSSL_COMPAT 1
+#endif
+
+
#define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE 65527
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
diff --git a/src/event/quic/ngx_event_quic_ack.c b/src/event/quic/ngx_event_quic_ack.c
index b8b72e9..abd3f7a 100644
--- a/src/event/quic/ngx_event_quic_ack.c
+++ b/src/event/quic/ngx_event_quic_ack.c
@@ -22,7 +22,7 @@
/* CUBIC parameters x10 */
#define NGX_QUIC_CUBIC_BETA 7
-#define MGX_QUIC_CUBIC_C 4
+#define NGX_QUIC_CUBIC_C 4
/* send time of ACK'ed packets */
@@ -36,7 +36,7 @@ typedef struct {
static ngx_inline ngx_msec_t ngx_quic_time_threshold(ngx_quic_connection_t *qc);
static uint64_t ngx_quic_packet_threshold(ngx_quic_send_ctx_t *ctx);
static void ngx_quic_rtt_sample(ngx_connection_t *c, ngx_quic_ack_frame_t *ack,
- enum ssl_encryption_level_t level, ngx_msec_t send_time);
+ ngx_uint_t level, ngx_msec_t send_time);
static ngx_int_t ngx_quic_handle_ack_frame_range(ngx_connection_t *c,
ngx_quic_send_ctx_t *ctx, uint64_t min, uint64_t max,
ngx_quic_ack_stat_t *st);
@@ -108,7 +108,7 @@ ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_handle_ack_frame level:%d", pkt->level);
+ "quic ngx_quic_handle_ack_frame level:%ui", pkt->level);
ack = &f->u.ack;
@@ -207,7 +207,7 @@ ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
static void
ngx_quic_rtt_sample(ngx_connection_t *c, ngx_quic_ack_frame_t *ack,
- enum ssl_encryption_level_t level, ngx_msec_t send_time)
+ ngx_uint_t level, ngx_msec_t send_time)
{
ngx_msec_t latest_rtt, ack_delay, adjusted_rtt, rttvar_sample;
ngx_quic_connection_t *qc;
@@ -260,7 +260,7 @@ ngx_quic_handle_ack_frame_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
qc = ngx_quic_get_connection(c);
- if (ctx->level == ssl_encryption_application) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
if (ngx_quic_handle_path_mtu(c, qc->path, min, max) != NGX_OK) {
return NGX_ERROR;
}
@@ -483,7 +483,7 @@ ngx_quic_congestion_cubic(ngx_connection_t *c)
* w_cubic = C * (t_msec / 1000) ^ 3 * mtu + w_max
*/
- cc = 10000000000ll / (int64_t) cg->mtu / MGX_QUIC_CUBIC_C;
+ cc = 10000000000ll / (int64_t) cg->mtu / NGX_QUIC_CUBIC_C;
w = t * t * t / cc + (int64_t) cg->w_max;
if (w > NGX_MAX_SIZE_T_VALUE) {
@@ -634,7 +634,7 @@ ngx_quic_detect_lost(ngx_connection_t *c, ngx_quic_ack_stat_t *st)
wait = start->send_time + thr - now;
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic detect_lost pnum:%uL thr:%M pthr:%uL wait:%i level:%d",
+ "quic detect_lost pnum:%uL thr:%M pthr:%uL wait:%i level:%ui",
start->pnum, thr, pkt_thr, (ngx_int_t) wait, start->level);
if ((ngx_msec_int_t) wait > 0
@@ -787,7 +787,7 @@ ngx_quic_resend_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
switch (f->type) {
case NGX_QUIC_FT_ACK:
case NGX_QUIC_FT_ACK_ECN:
- if (ctx->level == ssl_encryption_application) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
/* force generation of most recent acknowledgment */
ctx->send_ack = NGX_QUIC_MAX_ACK_GAP;
}
@@ -945,7 +945,7 @@ ngx_quic_congestion_cubic_time(ngx_connection_t *c)
return 0;
}
- cc = 10000000000ll / (int64_t) cg->mtu / MGX_QUIC_CUBIC_C;
+ cc = 10000000000ll / (int64_t) cg->mtu / NGX_QUIC_CUBIC_C;
v = (int64_t) (cg->w_max - cg->window) * cc;
/*
@@ -1073,7 +1073,7 @@ ngx_quic_pto(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
duration = qc->avg_rtt;
duration += ngx_max(4 * qc->rttvar, NGX_QUIC_TIME_GRANULARITY);
- if (ctx->level == ssl_encryption_application && c->ssl->handshaked) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION && c->ssl->handshaked) {
duration += qc->ctp.max_ack_delay;
}
@@ -1428,7 +1428,7 @@ ngx_quic_generate_ack(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
return NGX_OK;
}
- if (ctx->level == ssl_encryption_application) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
delay = ngx_current_msec - ctx->ack_delay_start;
qc = ngx_quic_get_connection(c);
diff --git a/src/event/quic/ngx_event_quic_connection.h b/src/event/quic/ngx_event_quic_connection.h
index 04cda85..33922cf 100644
--- a/src/event/quic/ngx_event_quic_connection.h
+++ b/src/event/quic/ngx_event_quic_connection.h
@@ -17,6 +17,15 @@
/* #define NGX_QUIC_DEBUG_ALLOC */ /* log frames and bufs alloc */
/* #define NGX_QUIC_DEBUG_CRYPTO */
+#define NGX_QUIC_ENCRYPTION_INITIAL 0
+#define NGX_QUIC_ENCRYPTION_EARLY_DATA 1
+#define NGX_QUIC_ENCRYPTION_HANDSHAKE 2
+#define NGX_QUIC_ENCRYPTION_APPLICATION 3
+#define NGX_QUIC_ENCRYPTION_LAST 4
+
+#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
+
+
typedef struct ngx_quic_connection_s ngx_quic_connection_t;
typedef struct ngx_quic_server_id_s ngx_quic_server_id_t;
typedef struct ngx_quic_client_id_s ngx_quic_client_id_t;
@@ -46,8 +55,6 @@ typedef struct ngx_quic_keys_s ngx_quic_keys_t;
#define NGX_QUIC_UNSET_PN (uint64_t) -1
-#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
-
/* 0-RTT and 1-RTT data exist in the same packet number space,
* so we have 3 packet number spaces:
*
@@ -56,9 +63,9 @@ typedef struct ngx_quic_keys_s ngx_quic_keys_t;
* 2 - 0-RTT and 1-RTT
*/
#define ngx_quic_get_send_ctx(qc, level) \
- ((level) == ssl_encryption_initial) ? &((qc)->send_ctx[0]) \
- : (((level) == ssl_encryption_handshake) ? &((qc)->send_ctx[1]) \
- : &((qc)->send_ctx[2]))
+ ((level) == NGX_QUIC_ENCRYPTION_INITIAL) ? &((qc)->send_ctx[0]) \
+ : (((level) == NGX_QUIC_ENCRYPTION_HANDSHAKE) ? &((qc)->send_ctx[1]) \
+ : &((qc)->send_ctx[2]))
#define ngx_quic_get_connection(c) \
(((c)->udp) ? (((ngx_quic_socket_t *)((c)->udp))->quic) : NULL)
@@ -188,7 +195,7 @@ typedef struct {
* are also Initial packets.
*/
struct ngx_quic_send_ctx_s {
- enum ssl_encryption_level_t level;
+ ngx_uint_t level;
ngx_quic_buffer_t crypto;
uint64_t crypto_sent;
@@ -279,7 +286,7 @@ struct ngx_quic_connection_s {
off_t received;
ngx_uint_t error;
- enum ssl_encryption_level_t error_level;
+ ngx_uint_t error_level;
ngx_uint_t error_ftype;
const char *error_reason;
@@ -294,13 +301,17 @@ struct ngx_quic_connection_s {
unsigned key_phase:1;
unsigned validated:1;
unsigned client_tp_done:1;
+
+#if (NGX_QUIC_OPENSSL_API)
+ unsigned read_level:2;
+ unsigned write_level:2;
+#endif
};
ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c,
ngx_quic_tp_t *ctp);
-void ngx_quic_discard_ctx(ngx_connection_t *c,
- enum ssl_encryption_level_t level);
+void ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level);
void ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc);
void ngx_quic_shutdown_quic(ngx_connection_t *c);
diff --git a/src/event/quic/ngx_event_quic_connid.c b/src/event/quic/ngx_event_quic_connid.c
index f508682..4e7b8dc 100644
--- a/src/event/quic/ngx_event_quic_connid.c
+++ b/src/event/quic/ngx_event_quic_connid.c
@@ -99,7 +99,7 @@ ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
frame->u.retire_cid.sequence_number = f->seqnum;
@@ -452,7 +452,7 @@ ngx_quic_send_server_id(ngx_connection_t *c, ngx_quic_server_id_t *sid)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID;
frame->u.ncid.seqnum = sid->seqnum;
frame->u.ncid.retire = 0;
@@ -485,7 +485,7 @@ ngx_quic_free_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
frame->u.retire_cid.sequence_number = cid->seqnum;
diff --git a/src/event/quic/ngx_event_quic_migration.c b/src/event/quic/ngx_event_quic_migration.c
index 6befc34..42354ca 100644
--- a/src/event/quic/ngx_event_quic_migration.c
+++ b/src/event/quic/ngx_event_quic_migration.c
@@ -40,7 +40,7 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
ngx_quic_frame_t *fp;
ngx_quic_connection_t *qc;
- if (pkt->level != ssl_encryption_application || pkt->path_challenged) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION || pkt->path_challenged) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic ignoring PATH_CHALLENGE");
return NGX_OK;
@@ -55,7 +55,7 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
return NGX_ERROR;
}
- fp->level = ssl_encryption_application;
+ fp->level = NGX_QUIC_ENCRYPTION_APPLICATION;
fp->type = NGX_QUIC_FT_PATH_RESPONSE;
fp->u.path_response = *f;
@@ -93,7 +93,7 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
return NGX_ERROR;
}
- fp->level = ssl_encryption_application;
+ fp->level = NGX_QUIC_ENCRYPTION_APPLICATION;
fp->type = NGX_QUIC_FT_PING;
ngx_quic_queue_frame(qc, fp);
@@ -177,7 +177,7 @@ valid:
if (rst) {
/* prevent old path packets contribution to congestion control */
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
qc->rst_pnum = ctx->pnum;
ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
@@ -549,7 +549,7 @@ ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
(void) ngx_quic_send_path_challenge(c, path);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
pto = ngx_max(ngx_quic_pto(c, ctx), 1000);
path->expires = ngx_current_msec + pto;
@@ -579,7 +579,7 @@ ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_PATH_CHALLENGE;
ngx_memcpy(frame->u.path_challenge.data, path->challenge[n], 8);
@@ -767,7 +767,7 @@ ngx_quic_expire_path_validation(ngx_connection_t *c, ngx_quic_path_t *path)
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
if (++path->tries < NGX_QUIC_PATH_RETRIES) {
pto = ngx_max(ngx_quic_pto(c, ctx), 1000) << path->tries;
@@ -830,7 +830,7 @@ ngx_quic_expire_path_mtu_delay(ngx_connection_t *c, ngx_quic_path_t *path)
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
path->tries = 0;
@@ -876,7 +876,7 @@ ngx_quic_expire_path_mtu_discovery(ngx_connection_t *c, ngx_quic_path_t *path)
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
if (++path->tries < NGX_QUIC_PATH_RETRIES) {
rc = ngx_quic_send_path_mtu_probe(c, path);
@@ -922,13 +922,13 @@ ngx_quic_send_path_mtu_probe(ngx_connection_t *c, ngx_quic_path_t *path)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_PING;
frame->ignore_loss = 1;
frame->ignore_congestion = 1;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
pnum = ctx->pnum;
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
index 6052bc6..58298dc 100644
--- a/src/event/quic/ngx_event_quic_openssl_compat.c
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c
@@ -35,8 +35,6 @@ typedef struct {
ngx_str_t payload;
uint64_t number;
ngx_quic_compat_keys_t *keys;
-
- enum ssl_encryption_level_t level;
} ngx_quic_compat_record_t;
@@ -435,11 +433,10 @@ ngx_quic_compat_message_callback(int write_p, int version, int content_type,
case SSL3_RT_HANDSHAKE:
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic compat tx %s len:%uz ",
- ngx_quic_level_name(level), len);
+ "quic compat tx level:%d len:%uz", level, len);
if (com->method->add_handshake_data(ssl, level, buf, len) != 1) {
- goto failed;
+ return;
}
break;
@@ -449,11 +446,11 @@ ngx_quic_compat_message_callback(int write_p, int version, int content_type,
alert = ((u_char *) buf)[1];
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic compat %s alert:%ui len:%uz ",
- ngx_quic_level_name(level), alert, len);
+ "quic compat level:%d alert:%ui len:%uz",
+ level, alert, len);
if (com->method->send_alert(ssl, level, alert) != 1) {
- goto failed;
+ return;
}
}
@@ -461,10 +458,6 @@ ngx_quic_compat_message_callback(int write_p, int version, int content_type,
}
return;
-
-failed:
-
- ngx_post_event(&qc->close, &ngx_posted_events);
}
@@ -487,8 +480,8 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
c = ngx_ssl_get_connection(ssl);
- ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat rx %s len:%uz",
- ngx_quic_level_name(level), len);
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic compat rx level:%d len:%uz", level, len);
qc = ngx_quic_get_connection(c);
com = qc->compat;
@@ -501,7 +494,6 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
rec.log = c->log;
rec.number = com->read_record++;
rec.keys = &com->keys;
- rec.level = level;
if (level == ssl_encryption_initial) {
n = ngx_min(len, 65535);
diff --git a/src/event/quic/ngx_event_quic_openssl_compat.h b/src/event/quic/ngx_event_quic_openssl_compat.h
index 77cc3cb..89ee41e 100644
--- a/src/event/quic/ngx_event_quic_openssl_compat.h
+++ b/src/event/quic/ngx_event_quic_openssl_compat.h
@@ -7,11 +7,6 @@
#ifndef _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
#define _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
-#if defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION \
- || defined LIBRESSL_VERSION_NUMBER
-#undef NGX_QUIC_OPENSSL_COMPAT
-#else
-
#include
#include
@@ -53,7 +48,4 @@ int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
void SSL_get_peer_quic_transport_params(const SSL *ssl,
const uint8_t **out_params, size_t *out_params_len);
-
-#endif /* TLSEXT_TYPE_quic_transport_parameters */
-
#endif /* _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ */
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
index a92a539..8c33505 100644
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -55,7 +55,8 @@ static ssize_t ngx_quic_send_segments(ngx_connection_t *c, u_char *buf,
size_t len, struct sockaddr *sockaddr, socklen_t socklen, size_t segment);
#endif
static ssize_t ngx_quic_output_packet(ngx_connection_t *c,
- ngx_quic_send_ctx_t *ctx, u_char *data, size_t max, size_t min);
+ ngx_quic_send_ctx_t *ctx, u_char *data, size_t max, size_t min,
+ ngx_uint_t ack_only);
static void ngx_quic_init_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
ngx_quic_header_t *pkt, ngx_quic_path_t *path);
static ngx_uint_t ngx_quic_get_padding_level(ngx_connection_t *c);
@@ -131,8 +132,7 @@ ngx_quic_create_datagrams(ngx_connection_t *c)
ngx_memzero(preserved_pnum, sizeof(preserved_pnum));
#endif
- while (cg->in_flight < cg->window) {
-
+ do {
p = dst;
len = ngx_quic_path_limit(c, path, path->mtu);
@@ -158,7 +158,8 @@ ngx_quic_create_datagrams(ngx_connection_t *c)
return NGX_OK;
}
- n = ngx_quic_output_packet(c, ctx, p, len, min);
+ n = ngx_quic_output_packet(c, ctx, p, len, min,
+ cg->in_flight >= cg->window);
if (n == NGX_ERROR) {
return NGX_ERROR;
}
@@ -187,7 +188,8 @@ ngx_quic_create_datagrams(ngx_connection_t *c)
ngx_quic_commit_send(c);
path->sent += len;
- }
+
+ } while (cg->in_flight < cg->window);
return NGX_OK;
}
@@ -292,17 +294,17 @@ ngx_quic_allow_segmentation(ngx_connection_t *c)
return 0;
}
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_INITIAL);
if (!ngx_queue_empty(&ctx->frames)) {
return 0;
}
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_HANDSHAKE);
if (!ngx_queue_empty(&ctx->frames)) {
return 0;
}
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
bytes = 0;
len = ngx_min(qc->path->mtu, NGX_QUIC_MAX_UDP_SEGMENT_BUF);
@@ -315,6 +317,10 @@ ngx_quic_allow_segmentation(ngx_connection_t *c)
bytes += f->len;
+ if (qc->congestion.in_flight + bytes >= qc->congestion.window) {
+ return 0;
+ }
+
if (bytes > len * 3) {
/* require at least ~3 full packets to batch */
return 1;
@@ -343,7 +349,7 @@ ngx_quic_create_segments(ngx_connection_t *c)
cg = &qc->congestion;
path = qc->path;
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
if (ngx_quic_generate_ack(c, ctx) != NGX_OK) {
return NGX_ERROR;
@@ -364,7 +370,7 @@ ngx_quic_create_segments(ngx_connection_t *c)
if (len && cg->in_flight + (p - dst) < cg->window) {
- n = ngx_quic_output_packet(c, ctx, p, len, len);
+ n = ngx_quic_output_packet(c, ctx, p, len, len, 0);
if (n == NGX_ERROR) {
return NGX_ERROR;
}
@@ -494,7 +500,7 @@ ngx_quic_get_padding_level(ngx_connection_t *c)
*/
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_INITIAL);
for (q = ngx_queue_head(&ctx->frames);
q != ngx_queue_sentinel(&ctx->frames);
@@ -521,7 +527,7 @@ ngx_quic_get_padding_level(ngx_connection_t *c)
static ssize_t
ngx_quic_output_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
- u_char *data, size_t max, size_t min)
+ u_char *data, size_t max, size_t min, ngx_uint_t ack_only)
{
size_t len, pad, min_payload, max_payload;
u_char *p;
@@ -585,6 +591,10 @@ ngx_quic_output_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
{
f = ngx_queue_data(q, ngx_quic_frame_t, queue);
+ if (ack_only && f->type != NGX_QUIC_FT_ACK) {
+ break;
+ }
+
if (len >= max_payload) {
break;
}
@@ -677,10 +687,10 @@ ngx_quic_init_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
pkt->flags = NGX_QUIC_PKT_FIXED_BIT;
- if (ctx->level == ssl_encryption_initial) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_INITIAL) {
pkt->flags |= NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_INITIAL;
- } else if (ctx->level == ssl_encryption_handshake) {
+ } else if (ctx->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
pkt->flags |= NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_HANDSHAKE;
} else {
@@ -1093,7 +1103,7 @@ ngx_quic_send_new_token(ngx_connection_t *c, ngx_quic_path_t *path)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_NEW_TOKEN;
frame->data = out;
frame->u.token.length = token.len;
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
index e5c0df7..885843d 100644
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -130,8 +130,8 @@ ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a
};
- client = &keys->secrets[ssl_encryption_initial].client;
- server = &keys->secrets[ssl_encryption_initial].server;
+ client = &keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL].client;
+ server = &keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL].server;
/*
* RFC 9001, section 5. Packet Protection
@@ -656,8 +656,8 @@ ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s)
ngx_int_t
ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
- ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
- const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
+ ngx_quic_keys_t *keys, ngx_uint_t level, const SSL_CIPHER *cipher,
+ const uint8_t *secret, size_t secret_len)
{
ngx_int_t key_len;
ngx_str_t secret_str;
@@ -722,8 +722,8 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
ngx_uint_t
-ngx_quic_keys_available(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level, ngx_uint_t is_write)
+ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_uint_t level,
+ ngx_uint_t is_write)
{
if (is_write == 0) {
return keys->secrets[level].client.ctx != NULL;
@@ -734,8 +734,7 @@ ngx_quic_keys_available(ngx_quic_keys_t *keys,
void
-ngx_quic_keys_discard(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level)
+ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_uint_t level)
{
ngx_quic_secret_t *client, *server;
@@ -765,7 +764,7 @@ ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys)
{
ngx_quic_secrets_t *current, *next, tmp;
- current = &keys->secrets[ssl_encryption_application];
+ current = &keys->secrets[NGX_QUIC_ENCRYPTION_APPLICATION];
next = &keys->next_key;
ngx_quic_crypto_cleanup(¤t->client);
@@ -794,7 +793,7 @@ ngx_quic_keys_update(ngx_event_t *ev)
qc = ngx_quic_get_connection(c);
keys = qc->keys;
- current = &keys->secrets[ssl_encryption_application];
+ current = &keys->secrets[NGX_QUIC_ENCRYPTION_APPLICATION];
next = &keys->next_key;
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
index c09456f..fddc608 100644
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -14,8 +14,6 @@
#include
-#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
-
/* RFC 5116, 5.1/5.3 and RFC 8439, 2.3/2.5 for all supported ciphers */
#define NGX_QUIC_IV_LEN 12
#define NGX_QUIC_TAG_LEN 16
@@ -94,13 +92,11 @@ typedef struct {
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
ngx_str_t *secret, ngx_log_t *log);
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
- ngx_uint_t is_write, ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
- const uint8_t *secret, size_t secret_len);
-ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level, ngx_uint_t is_write);
-void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level);
+ ngx_uint_t is_write, ngx_quic_keys_t *keys, ngx_uint_t level,
+ const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
+ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_uint_t level,
+ ngx_uint_t is_write);
+void ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_uint_t level);
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
void ngx_quic_keys_update(ngx_event_t *ev);
void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys);
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index ba0b592..e961c80 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -10,13 +10,6 @@
#include
-#if defined OPENSSL_IS_BORINGSSL \
- || defined LIBRESSL_VERSION_NUMBER \
- || NGX_QUIC_OPENSSL_COMPAT
-#define NGX_QUIC_BORINGSSL_API 1
-#endif
-
-
/*
* RFC 9000, 7.5. Cryptographic Message Buffering
*
@@ -25,43 +18,343 @@
#define NGX_QUIC_MAX_BUFFERED 65535
+#if (NGX_QUIC_OPENSSL_API)
+
+static int ngx_quic_cbs_send(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char *data, size_t len, size_t *consumed, void *arg);
+static int ngx_quic_cbs_recv_rcd(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char **data, size_t *bytes_read, void *arg);
+static int ngx_quic_cbs_release_rcd(ngx_ssl_conn_t *ssl_conn,
+ size_t bytes_read, void *arg);
+static int ngx_quic_cbs_yield_secret(ngx_ssl_conn_t *ssl_conn, uint32_t level,
+ int direction, const unsigned char *secret, size_t secret_len, void *arg);
+static int ngx_quic_cbs_got_transport_params(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char *params, size_t params_len, void *arg);
+static int ngx_quic_cbs_alert(ngx_ssl_conn_t *ssl_conn, unsigned char alert,
+ void *arg);
+
+#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
+
+static ngx_inline ngx_uint_t ngx_quic_map_encryption_level(
+ enum ssl_encryption_level_t ssl_level);
+
#if (NGX_QUIC_BORINGSSL_API)
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
-#else
+#else /* NGX_QUIC_QUICTLS_API */
static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *read_secret,
+ enum ssl_encryption_level_t ssl_level, const uint8_t *read_secret,
const uint8_t *write_secret, size_t secret_len);
#endif
static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
+ enum ssl_encryption_level_t ssl_level, const uint8_t *data, size_t len);
static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, uint8_t alert);
-static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
- enum ssl_encryption_level_t level);
+ enum ssl_encryption_level_t ssl_level, uint8_t alert);
+
+#endif
+
+static ngx_int_t ngx_quic_handshake(ngx_connection_t *c);
+static ngx_int_t ngx_quic_crypto_provide(ngx_connection_t *c, ngx_uint_t level);
+
+
+#if (NGX_QUIC_OPENSSL_API)
+
+static int
+ngx_quic_cbs_send(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char *data, size_t len, size_t *consumed, void *arg)
+{
+ ngx_connection_t *c = arg;
+
+ ngx_chain_t *out;
+ unsigned int alpn_len;
+ ngx_quic_frame_t *frame;
+ const unsigned char *alpn_data;
+ ngx_quic_send_ctx_t *ctx;
+ ngx_quic_connection_t *qc;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ngx_quic_cbs_send len:%uz", len);
+
+ qc = ngx_quic_get_connection(c);
+
+ *consumed = 0;
+
+ SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
+
+ if (alpn_len == 0) {
+ qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
+ qc->error_reason = "missing ALPN extension";
+
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "quic missing ALPN extension");
+ return 1;
+ }
+
+ if (!qc->client_tp_done) {
+ /* RFC 9001, 8.2. QUIC Transport Parameters Extension */
+ qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
+ qc->error_reason = "missing transport parameters";
+
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "missing transport parameters");
+ return 1;
+ }
+
+ ctx = ngx_quic_get_send_ctx(qc, qc->write_level);
+
+ out = ngx_quic_copy_buffer(c, (u_char *) data, len);
+ if (out == NGX_CHAIN_ERROR) {
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
+ }
+
+ frame = ngx_quic_alloc_frame(c);
+ if (frame == NULL) {
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
+ }
+
+ frame->data = out;
+ frame->level = qc->write_level;
+ frame->type = NGX_QUIC_FT_CRYPTO;
+ frame->u.crypto.offset = ctx->crypto_sent;
+ frame->u.crypto.length = len;
+
+ ctx->crypto_sent += len;
+ *consumed = len;
+
+ ngx_quic_queue_frame(qc, frame);
+
+ return 1;
+}
+
+
+static int
+ngx_quic_cbs_recv_rcd(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char **data, size_t *bytes_read, void *arg)
+{
+ ngx_connection_t *c = arg;
+
+ ngx_buf_t *b;
+ ngx_chain_t *cl;
+ ngx_quic_send_ctx_t *ctx;
+ ngx_quic_connection_t *qc;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ngx_quic_cbs_recv_rcd");
+
+ qc = ngx_quic_get_connection(c);
+ ctx = ngx_quic_get_send_ctx(qc, qc->read_level);
+
+ for (cl = ctx->crypto.chain; cl; cl = cl->next) {
+ b = cl->buf;
+
+ if (b->sync) {
+ /* hole */
+
+ *bytes_read = 0;
+
+ break;
+ }
+
+ *data = b->pos;
+ *bytes_read = b->last - b->pos;
+
+ break;
+ }
+
+ return 1;
+}
+
+
+static int
+ngx_quic_cbs_release_rcd(ngx_ssl_conn_t *ssl_conn, size_t bytes_read, void *arg)
+{
+ ngx_connection_t *c = arg;
+
+ ngx_chain_t *cl;
+ ngx_quic_send_ctx_t *ctx;
+ ngx_quic_connection_t *qc;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ngx_quic_cbs_release_rcd len:%uz", bytes_read);
+
+ qc = ngx_quic_get_connection(c);
+ ctx = ngx_quic_get_send_ctx(qc, qc->read_level);
+
+ cl = ngx_quic_read_buffer(c, &ctx->crypto, bytes_read);
+ if (cl == NGX_CHAIN_ERROR) {
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
+ }
+
+ ngx_quic_free_chain(c, cl);
+
+ return 1;
+}
+
+
+static int
+ngx_quic_cbs_yield_secret(ngx_ssl_conn_t *ssl_conn, uint32_t ssl_level,
+ int direction, const unsigned char *secret, size_t secret_len, void *arg)
+{
+ ngx_connection_t *c = arg;
+
+ ngx_uint_t level;
+ const SSL_CIPHER *cipher;
+ ngx_quic_connection_t *qc;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ngx_quic_cbs_yield_secret() level:%uD", ssl_level);
+#ifdef NGX_QUIC_DEBUG_CRYPTO
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic %s secret len:%uz %*xs",
+ direction ? "write" : "read", secret_len,
+ secret_len, secret);
+#endif
+
+ qc = ngx_quic_get_connection(c);
+ cipher = SSL_get_current_cipher(ssl_conn);
+
+ switch (ssl_level) {
+ case OSSL_RECORD_PROTECTION_LEVEL_NONE:
+ level = NGX_QUIC_ENCRYPTION_INITIAL;
+ break;
+ case OSSL_RECORD_PROTECTION_LEVEL_EARLY:
+ level = NGX_QUIC_ENCRYPTION_EARLY_DATA;
+ break;
+ case OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE:
+ level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
+ break;
+ default: /* OSSL_RECORD_PROTECTION_LEVEL_APPLICATION */
+ level = NGX_QUIC_ENCRYPTION_APPLICATION;
+ break;
+ }
+
+ if (ngx_quic_keys_set_encryption_secret(c->log, direction, qc->keys, level,
+ cipher, secret, secret_len)
+ != NGX_OK)
+ {
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
+ }
+
+ if (direction) {
+ qc->write_level = level;
+
+ } else {
+ qc->read_level = level;
+ }
+
+ return 1;
+}
+
+
+static int
+ngx_quic_cbs_got_transport_params(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char *params, size_t params_len, void *arg)
+{
+ ngx_connection_t *c = arg;
+
+ u_char *p, *end;
+ ngx_quic_tp_t ctp;
+ ngx_quic_connection_t *qc;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ngx_quic_cbs_got_transport_params() len:%uz",
+ params_len);
+
+ qc = ngx_quic_get_connection(c);
+
+ /* defaults for parameters not sent by client */
+ ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t));
+
+ p = (u_char *) params;
+ end = p + params_len;
+
+ if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) != NGX_OK) {
+ qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
+ qc->error_reason = "failed to process transport parameters";
+
+ return 1;
+ }
+
+ if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
+ return 1;
+ }
+
+ qc->client_tp_done = 1;
+
+ return 1;
+}
+
+
+static int
+ngx_quic_cbs_alert(ngx_ssl_conn_t *ssl_conn, unsigned char alert, void *arg)
+{
+ ngx_connection_t *c = arg;
+
+ ngx_quic_connection_t *qc;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ngx_quic_cbs_alert() alert:%d", (int) alert);
+
+ /* already closed on regular shutdown */
+
+ qc = ngx_quic_get_connection(c);
+ if (qc == NULL) {
+ return 1;
+ }
+
+ qc->error = NGX_QUIC_ERR_CRYPTO(alert);
+ qc->error_reason = "handshake failed";
+
+ return 1;
+}
+
+
+#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
+
+
+static ngx_inline ngx_uint_t
+ngx_quic_map_encryption_level(enum ssl_encryption_level_t ssl_level)
+{
+ switch (ssl_level) {
+ case ssl_encryption_initial:
+ return NGX_QUIC_ENCRYPTION_INITIAL;
+ case ssl_encryption_early_data:
+ return NGX_QUIC_ENCRYPTION_EARLY_DATA;
+ case ssl_encryption_handshake:
+ return NGX_QUIC_ENCRYPTION_HANDSHAKE;
+ default: /* ssl_encryption_application */
+ return NGX_QUIC_ENCRYPTION_APPLICATION;
+ }
+}
#if (NGX_QUIC_BORINGSSL_API)
static int
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *rsecret, size_t secret_len)
{
+ ngx_uint_t level;
ngx_connection_t *c;
ngx_quic_connection_t *qc;
- c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_set_read_secret() level:%d", level);
+ "quic ngx_quic_set_read_secret() level:%d", ssl_level);
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic read secret len:%uz %*xs", secret_len,
@@ -72,7 +365,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
cipher, rsecret, secret_len)
!= NGX_OK)
{
- return 0;
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
}
return 1;
@@ -81,17 +374,19 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
static int
ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *wsecret, size_t secret_len)
{
+ ngx_uint_t level;
ngx_connection_t *c;
ngx_quic_connection_t *qc;
- c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_set_write_secret() level:%d", level);
+ "quic ngx_quic_set_write_secret() level:%d", ssl_level);
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic write secret len:%uz %*xs", secret_len,
@@ -102,28 +397,31 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
cipher, wsecret, secret_len)
!= NGX_OK)
{
- return 0;
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
}
return 1;
}
-#else
+#else /* NGX_QUIC_QUICTLS_API */
static int
ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *rsecret,
+ enum ssl_encryption_level_t ssl_level, const uint8_t *rsecret,
const uint8_t *wsecret, size_t secret_len)
{
+ ngx_uint_t level;
ngx_connection_t *c;
const SSL_CIPHER *cipher;
ngx_quic_connection_t *qc;
- c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_set_encryption_secrets() level:%d", level);
+ "quic ngx_quic_set_encryption_secrets() level:%d",
+ ssl_level);
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic read secret len:%uz %*xs", secret_len,
@@ -136,10 +434,11 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
cipher, rsecret, secret_len)
!= NGX_OK)
{
- return 0;
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
}
- if (level == ssl_encryption_early_data) {
+ if (level == NGX_QUIC_ENCRYPTION_EARLY_DATA) {
return 1;
}
@@ -153,7 +452,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
cipher, wsecret, secret_len)
!= NGX_OK)
{
- return 0;
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
}
return 1;
@@ -164,24 +463,24 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
static int
ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
+ enum ssl_encryption_level_t ssl_level, const uint8_t *data, size_t len)
{
u_char *p, *end;
size_t client_params_len;
+ ngx_uint_t level;
ngx_chain_t *out;
+ unsigned int alpn_len;
const uint8_t *client_params;
ngx_quic_tp_t ctp;
ngx_quic_frame_t *frame;
ngx_connection_t *c;
+ const unsigned char *alpn_data;
ngx_quic_send_ctx_t *ctx;
ngx_quic_connection_t *qc;
-#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
- unsigned int alpn_len;
- const unsigned char *alpn_data;
-#endif
- c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic ngx_quic_add_handshake_data");
@@ -193,21 +492,20 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
* here;
*/
-#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
-
SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
if (alpn_len == 0) {
- qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
- qc->error_reason = "unsupported protocol in ALPN extension";
+ if (qc->error == 0) {
+ qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
+ qc->error_reason = "missing ALPN extension";
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "quic unsupported protocol in ALPN extension");
- return 0;
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "quic missing ALPN extension");
+ }
+
+ return 1;
}
-#endif
-
SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
&client_params_len);
@@ -217,12 +515,16 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
if (client_params_len == 0) {
/* RFC 9001, 8.2. QUIC Transport Parameters Extension */
- qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
- qc->error_reason = "missing transport parameters";
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "missing transport parameters");
- return 0;
+ if (qc->error == 0) {
+ qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
+ qc->error_reason = "missing transport parameters";
+
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "missing transport parameters");
+ }
+
+ return 1;
}
p = (u_char *) client_params;
@@ -237,11 +539,11 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
qc->error_reason = "failed to process transport parameters";
- return 0;
+ return 1;
}
if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
- return 0;
+ return 1;
}
qc->client_tp_done = 1;
@@ -251,12 +553,14 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
out = ngx_quic_copy_buffer(c, (u_char *) data, len);
if (out == NGX_CHAIN_ERROR) {
- return 0;
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
}
frame = ngx_quic_alloc_frame(c);
if (frame == NULL) {
- return 0;
+ qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+ return 1;
}
frame->data = out;
@@ -279,7 +583,7 @@ ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
#if (NGX_DEBUG)
ngx_connection_t *c;
- c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic ngx_quic_flush_flight()");
@@ -289,17 +593,17 @@ ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
static int
-ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
- uint8_t alert)
+ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
+ enum ssl_encryption_level_t ssl_level, uint8_t alert)
{
ngx_connection_t *c;
ngx_quic_connection_t *qc;
- c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_send_alert() level:%s alert:%d",
- ngx_quic_level_name(level), (int) alert);
+ "quic ngx_quic_send_alert() level:%d alert:%d",
+ ssl_level, (int) alert);
/* already closed on regular shutdown */
@@ -314,13 +618,14 @@ ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
return 1;
}
+#endif
+
ngx_int_t
ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
ngx_quic_frame_t *frame)
{
uint64_t last;
- ngx_chain_t *cl;
ngx_quic_send_ctx_t *ctx;
ngx_quic_connection_t *qc;
ngx_quic_crypto_frame_t *f;
@@ -343,13 +648,13 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
}
if (last <= ctx->crypto.offset) {
- if (pkt->level == ssl_encryption_initial) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
/* speeding up handshake completion */
if (!ngx_queue_empty(&ctx->sent)) {
ngx_quic_resend_frames(c, ctx);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_HANDSHAKE);
while (!ngx_queue_empty(&ctx->sent)) {
ngx_quic_resend_frames(c, ctx);
}
@@ -359,43 +664,25 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
return NGX_OK;
}
- if (f->offset == ctx->crypto.offset) {
- if (ngx_quic_crypto_input(c, frame->data, pkt->level) != NGX_OK) {
- return NGX_ERROR;
- }
-
- ngx_quic_skip_buffer(c, &ctx->crypto, last);
-
- } else {
- if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
- f->offset)
- == NGX_CHAIN_ERROR)
- {
- return NGX_ERROR;
- }
+ if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
+ f->offset)
+ == NGX_CHAIN_ERROR)
+ {
+ return NGX_ERROR;
}
- cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
-
- if (cl) {
- if (ngx_quic_crypto_input(c, cl, pkt->level) != NGX_OK) {
- return NGX_ERROR;
- }
-
- ngx_quic_free_chain(c, cl);
+ if (ngx_quic_crypto_provide(c, pkt->level) != NGX_OK) {
+ return NGX_ERROR;
}
- return NGX_OK;
+ return ngx_quic_handshake(c);
}
static ngx_int_t
-ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
- enum ssl_encryption_level_t level)
+ngx_quic_handshake(ngx_connection_t *c)
{
int n, sslerr;
- ngx_buf_t *b;
- ngx_chain_t *cl;
ngx_ssl_conn_t *ssl_conn;
ngx_quic_frame_t *frame;
ngx_quic_connection_t *qc;
@@ -404,20 +691,14 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
ssl_conn = c->ssl->connection;
- for (cl = data; cl; cl = cl->next) {
- b = cl->buf;
-
- if (!SSL_provide_quic_data(ssl_conn, level, b->pos, b->last - b->pos)) {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "SSL_provide_quic_data() failed");
- return NGX_ERROR;
- }
- }
-
n = SSL_do_handshake(ssl_conn);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
+ if (qc->error) {
+ return NGX_ERROR;
+ }
+
if (n <= 0) {
sslerr = SSL_get_error(ssl_conn, n);
@@ -433,13 +714,13 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
return NGX_ERROR;
}
- ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+ ngx_ssl_connection_error(c, sslerr, 0, "SSL_do_handshake() failed");
return NGX_ERROR;
}
}
- if (n <= 0 || SSL_in_init(ssl_conn)) {
- if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data, 0)
+ if (!SSL_is_init_finished(ssl_conn)) {
+ if (ngx_quic_keys_available(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA, 0)
&& qc->client_tp_done)
{
if (ngx_quic_init_streams(c) != NGX_OK) {
@@ -461,7 +742,7 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
ngx_quic_queue_frame(qc, frame);
@@ -485,7 +766,7 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
* An endpoint MUST discard its Handshake keys
* when the TLS handshake is confirmed.
*/
- ngx_quic_discard_ctx(c, ssl_encryption_handshake);
+ ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_HANDSHAKE);
ngx_quic_discover_path_mtu(c, qc->path);
@@ -502,17 +783,97 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
}
+static ngx_int_t
+ngx_quic_crypto_provide(ngx_connection_t *c, ngx_uint_t level)
+{
+#if (NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API)
+
+ ngx_buf_t *b;
+ ngx_chain_t *out, *cl;
+ ngx_quic_send_ctx_t *ctx;
+ ngx_quic_connection_t *qc;
+ enum ssl_encryption_level_t ssl_level;
+
+ qc = ngx_quic_get_connection(c);
+ ctx = ngx_quic_get_send_ctx(qc, level);
+
+ out = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
+ if (out == NGX_CHAIN_ERROR) {
+ return NGX_ERROR;
+ }
+
+ switch (level) {
+ case NGX_QUIC_ENCRYPTION_INITIAL:
+ ssl_level = ssl_encryption_initial;
+ break;
+ case NGX_QUIC_ENCRYPTION_EARLY_DATA:
+ ssl_level = ssl_encryption_early_data;
+ break;
+ case NGX_QUIC_ENCRYPTION_HANDSHAKE:
+ ssl_level = ssl_encryption_handshake;
+ break;
+ default: /* NGX_QUIC_ENCRYPTION_APPLICATION */
+ ssl_level = ssl_encryption_application;
+ break;
+ }
+
+ for (cl = out; cl; cl = cl->next) {
+ b = cl->buf;
+
+ if (!SSL_provide_quic_data(c->ssl->connection, ssl_level, b->pos,
+ b->last - b->pos))
+ {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+ "SSL_provide_quic_data() failed");
+ return NGX_ERROR;
+ }
+ }
+
+ ngx_quic_free_chain(c, out);
+
+#endif
+
+ return NGX_OK;
+}
+
+
ngx_int_t
ngx_quic_init_connection(ngx_connection_t *c)
{
- u_char *p;
- size_t clen;
- ssize_t len;
- ngx_str_t dcid;
- ngx_ssl_conn_t *ssl_conn;
- ngx_quic_socket_t *qsock;
- ngx_quic_connection_t *qc;
- static SSL_QUIC_METHOD quic_method;
+ u_char *p;
+ size_t clen;
+ ssize_t len;
+ ngx_str_t dcid;
+ ngx_ssl_conn_t *ssl_conn;
+ ngx_quic_socket_t *qsock;
+ ngx_quic_connection_t *qc;
+
+#if (NGX_QUIC_OPENSSL_API)
+ static const OSSL_DISPATCH qtdis[] = {
+
+ { OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND,
+ (void (*)(void)) ngx_quic_cbs_send },
+
+ { OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD,
+ (void (*)(void)) ngx_quic_cbs_recv_rcd },
+
+ { OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD,
+ (void (*)(void)) ngx_quic_cbs_release_rcd },
+
+ { OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET,
+ (void (*)(void)) ngx_quic_cbs_yield_secret },
+
+ { OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS,
+ (void (*)(void)) ngx_quic_cbs_got_transport_params },
+
+ { OSSL_FUNC_SSL_QUIC_TLS_ALERT,
+ (void (*)(void)) ngx_quic_cbs_alert },
+
+ { 0, NULL }
+ };
+#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
+ static SSL_QUIC_METHOD quic_method;
+#endif
qc = ngx_quic_get_connection(c);
@@ -524,6 +885,20 @@ ngx_quic_init_connection(ngx_connection_t *c)
ssl_conn = c->ssl->connection;
+#if (NGX_QUIC_OPENSSL_API)
+
+ if (SSL_set_quic_tls_cbs(ssl_conn, qtdis, c) == 0) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+ "quic SSL_set_quic_tls_cbs() failed");
+ return NGX_ERROR;
+ }
+
+ if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
+ SSL_set_quic_tls_early_data_enabled(ssl_conn, 1);
+ }
+
+#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
+
if (!quic_method.send_alert) {
#if (NGX_QUIC_BORINGSSL_API)
quic_method.set_read_secret = ngx_quic_set_read_secret;
@@ -537,15 +912,17 @@ ngx_quic_init_connection(ngx_connection_t *c)
}
if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
"quic SSL_set_quic_method() failed");
return NGX_ERROR;
}
-#ifdef OPENSSL_INFO_QUIC
+#if (NGX_QUIC_QUICTLS_API)
if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
SSL_set_quic_early_data_enabled(ssl_conn, 1);
}
+#endif
+
#endif
qsock = ngx_quic_get_socket(c);
@@ -577,15 +954,23 @@ ngx_quic_init_connection(ngx_connection_t *c)
"quic transport parameters len:%uz %*xs", len, len, p);
#endif
+#if (NGX_QUIC_OPENSSL_API)
+ if (SSL_set_quic_tls_transport_params(ssl_conn, p, len) == 0) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+ "quic SSL_set_quic_tls_transport_params() failed");
+ return NGX_ERROR;
+ }
+#else
if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
"quic SSL_set_quic_transport_params() failed");
return NGX_ERROR;
}
+#endif
#ifdef OPENSSL_IS_BORINGSSL
if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
"quic SSL_set_quic_early_data_context() failed");
return NGX_ERROR;
}
diff --git a/src/event/quic/ngx_event_quic_streams.c b/src/event/quic/ngx_event_quic_streams.c
index a9a21f5..18fffea 100644
--- a/src/event/quic/ngx_event_quic_streams.c
+++ b/src/event/quic/ngx_event_quic_streams.c
@@ -280,7 +280,7 @@ ngx_quic_do_reset_stream(ngx_quic_stream_t *qs, ngx_uint_t err)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RESET_STREAM;
frame->u.reset_stream.id = qs->id;
frame->u.reset_stream.error_code = err;
@@ -367,7 +367,7 @@ ngx_quic_shutdown_stream_recv(ngx_connection_t *c)
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pc->log, 0,
"quic stream id:0x%xL recv shutdown", qs->id);
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_STOP_SENDING;
frame->u.stop_sending.id = qs->id;
frame->u.stop_sending.error_code = qc->conf->stream_close_code;
@@ -527,7 +527,7 @@ ngx_quic_reject_stream(ngx_connection_t *c, uint64_t id)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RESET_STREAM;
frame->u.reset_stream.id = id;
frame->u.reset_stream.error_code = code;
@@ -540,7 +540,7 @@ ngx_quic_reject_stream(ngx_connection_t *c, uint64_t id)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_STOP_SENDING;
frame->u.stop_sending.id = id;
frame->u.stop_sending.error_code = code;
@@ -1062,7 +1062,7 @@ ngx_quic_stream_flush(ngx_quic_stream_t *qs)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_STREAM;
frame->data = out;
@@ -1180,7 +1180,7 @@ ngx_quic_close_stream(ngx_quic_stream_t *qs)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_MAX_STREAMS;
if (qs->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) {
@@ -1771,7 +1771,7 @@ ngx_quic_update_max_stream_data(ngx_quic_stream_t *qs)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_MAX_STREAM_DATA;
frame->u.max_stream_data.id = qs->id;
frame->u.max_stream_data.limit = qs->recv_max_data;
@@ -1807,7 +1807,7 @@ ngx_quic_update_max_data(ngx_connection_t *c)
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_MAX_DATA;
frame->u.max_data.max_data = qc->streams.recv_max_data;
diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c
index bb13447..ba6211c 100644
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -281,7 +281,7 @@ ngx_int_t
ngx_quic_parse_packet(ngx_quic_header_t *pkt)
{
if (!ngx_quic_long_pkt(pkt->flags)) {
- pkt->level = ssl_encryption_application;
+ pkt->level = NGX_QUIC_ENCRYPTION_APPLICATION;
if (ngx_quic_parse_short_header(pkt, NGX_QUIC_SERVER_CID_LEN) != NGX_OK)
{
@@ -468,13 +468,13 @@ ngx_quic_parse_long_header_v1(ngx_quic_header_t *pkt)
return NGX_ERROR;
}
- pkt->level = ssl_encryption_initial;
+ pkt->level = NGX_QUIC_ENCRYPTION_INITIAL;
} else if (ngx_quic_pkt_zrtt(pkt->flags)) {
- pkt->level = ssl_encryption_early_data;
+ pkt->level = NGX_QUIC_ENCRYPTION_EARLY_DATA;
} else if (ngx_quic_pkt_hs(pkt->flags)) {
- pkt->level = ssl_encryption_handshake;
+ pkt->level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
} else {
ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
@@ -593,7 +593,7 @@ ngx_quic_payload_size(ngx_quic_header_t *pkt, size_t pkt_len)
/* flags, version, dcid and scid with lengths and zero-length token */
len = 5 + 2 + pkt->dcid.len + pkt->scid.len
- + (pkt->level == ssl_encryption_initial ? 1 : 0);
+ + (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL ? 1 : 0);
if (len > pkt_len) {
return 0;
@@ -632,7 +632,7 @@ ngx_quic_create_long_header(ngx_quic_header_t *pkt, u_char *out,
if (out == NULL) {
return 5 + 2 + pkt->dcid.len + pkt->scid.len
+ ngx_quic_varint_len(rem_len) + pkt->num_len
- + (pkt->level == ssl_encryption_initial ? 1 : 0);
+ + (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL ? 1 : 0);
}
p = start = out;
@@ -647,7 +647,7 @@ ngx_quic_create_long_header(ngx_quic_header_t *pkt, u_char *out,
*p++ = pkt->scid.len;
p = ngx_cpymem(p, pkt->scid.data, pkt->scid.len);
- if (pkt->level == ssl_encryption_initial) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
ngx_quic_build_int(&p, 0);
}
@@ -1773,7 +1773,7 @@ ngx_quic_parse_transport_params(u_char *p, u_char *end, ngx_quic_tp_t *tp,
}
if (rc == NGX_DECLINED) {
- ngx_log_error(NGX_LOG_INFO, log, 0,
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
"quic %s transport param id:0x%xL, skipped",
(id % 31 == 27) ? "reserved" : "unknown", id);
}
diff --git a/src/event/quic/ngx_event_quic_transport.h b/src/event/quic/ngx_event_quic_transport.h
index dcd763d..656cb09 100644
--- a/src/event/quic/ngx_event_quic_transport.h
+++ b/src/event/quic/ngx_event_quic_transport.h
@@ -47,9 +47,9 @@
(ngx_quic_long_pkt(flags) ? 0x0F : 0x1F)
#define ngx_quic_level_name(lvl) \
- (lvl == ssl_encryption_application) ? "app" \
- : (lvl == ssl_encryption_initial) ? "init" \
- : (lvl == ssl_encryption_handshake) ? "hs" : "early"
+ (lvl == NGX_QUIC_ENCRYPTION_APPLICATION) ? "app" \
+ : (lvl == NGX_QUIC_ENCRYPTION_INITIAL) ? "init" \
+ : (lvl == NGX_QUIC_ENCRYPTION_HANDSHAKE) ? "hs" : "early"
#define NGX_QUIC_MAX_CID_LEN 20
#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
@@ -262,7 +262,7 @@ typedef struct ngx_quic_frame_s ngx_quic_frame_t;
struct ngx_quic_frame_s {
ngx_uint_t type;
- enum ssl_encryption_level_t level;
+ ngx_uint_t level;
ngx_queue_t queue;
uint64_t pnum;
size_t plen;
@@ -310,7 +310,7 @@ typedef struct {
uint8_t flags;
uint32_t version;
ngx_str_t token;
- enum ssl_encryption_level_t level;
+ ngx_uint_t level;
ngx_uint_t error;
/* filled in by parser */